| 标题 | Tenda AC9 v1.0/V3.0 V15.03.06.42_multi Stack-based Buffer Overflow |
|---|
| 描述 | This vulnerability will cause the device's web service to continuously restart or fail to start, and it is difficult to restore factory settings. Even if the device is restarted, the vulnerability will still be triggered.
The `formGetDdosDefenceList` function has a stack overflow vulnerability.
The `security.ddos.map` configuration field has a stack overflow vulnerability.
An attacker can tamper with the value of `security.ddos.map` in the configuration file, turning it into an overly long string, which can cause a stack overflow and crash the web service. If the string is carefully constructed, it may lead to remote code execution. |
|---|
| 来源 | ⚠️ https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda3.md |
|---|
| 用户 | jfkk (UID 79868) |
|---|
| 提交 | 2026-01-31 15時31分 (3 月前) |
|---|
| 管理 | 2026-02-07 18時28分 (7 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 344894 [Tenda AC9 15.03.06.42_multi formGetDdosDefenceList security.ddos.map 内存损坏] |
|---|
| 积分 | 20 |
|---|