| Title | Tenda W12 V3.0.0.7(4763) Stack-based Buffer Overflow |
|---|
| Description | # Stack Overflow Vulnerability in the `set_local_time_0` Function of Tenda W12
## Basic Information
- Vendor: Tenda
- Product: W12
- Firmware Version: V3.0.0.7(4763)
- Firmware Release Date: 2026-03-04
## Vulnerability Overview
A stack overflow vulnerability exists in the `set_local_time_0` function of the `/bin/httpd` binary in Tenda W12 V3.0.0.7(4763). An attacker can remotely trigger the vulnerability by sending a specially crafted request.
## Detailed Analysis
The `set_local_time_0` function is called from the `cgiSysLogin` function.
A vulnerability exists in the parsing of the `time` field from the JSON request inside `set_local_time_0`, which results in a stack overflow.
PoC request:
```
{
  "sysLogin": {
    "password": "Admin123",
    "time": "2026;04;26;12;00;"+"A"*0x1000
  }
}
```
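A bounded parse of a `time` value in the shape the PoC uses, as an added example (not Tenda's code and not part of the submission). It assumes the field order year;month;day;hour;minute, each followed by `;`, inferred from the sample value; `parse_time_field`, `struct local_time`, the range limits and the 32-byte cap are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TIME_FIELD_MAX 32  /* assumed cap; the well-formed sample is 17 bytes */
struct local_time { int year, month, day, hour, minute; };

/* Read 1..max_digits digits followed by ';', range-check, step past the ';'. */
static int read_component(const char **p, int max_digits, int lo, int hi, int *out)
{
    int n = 0, v = 0;
    for (; n < max_digits && isdigit((unsigned char)**p); n++, (*p)++)
        v = v * 10 + (**p - '0');
    if (n == 0 || **p != ';' || v < lo || v > hi)
        return -1;
    (*p)++;
    *out = v;
    return 0;
}

/* Returns 0 and fills *t on success, -1 when the field is rejected. */
int parse_time_field(const char *s, struct local_time *t)
{
    struct local_time tmp;
    const char *p = s;
    if (s == NULL || t == NULL)
        return -1;
    /* Reject over-long input up front; nothing is copied to a stack buffer. */
    if (memchr(s, '\0', TIME_FIELD_MAX + 1) == NULL)
        return -1;
    if (read_component(&p, 4, 1970, 9999, &tmp.year) ||
        read_component(&p, 2, 1, 12, &tmp.month) ||
        read_component(&p, 2, 1, 31, &tmp.day) ||
        read_component(&p, 2, 0, 23, &tmp.hour) ||
        read_component(&p, 2, 0, 59, &tmp.minute))
        return -1;
    if (*p != '\0')  /* trailing bytes after the last ';' are rejected */
        return -1;
    *t = tmp;
    return 0;
}

int main(void)
{
    struct local_time t;
    const char *in = "2026;04;26;12;00;";  /* constructed sample value */
    printf("%s -> %d\n", in, parse_time_field(in, &t));
    return 0;
}
```

The output structure is written only after every component has validated, so a rejected request leaves the caller's previous time untouched.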
## Impact
- Stack Overflow
- May lead to:
  - Device crash (DoS)
  - Potential remote code execution (RCE)
|
|---|
| Source | ⚠️ http://cdn2.v50to.cc/set_local_time_0_overflow.zip |
|---|
| User | CookedMelon (UID 52513) |
|---|
| Submission | 2026-05-06 08:37 (30 days ago) |
|---|
| Moderation | 2026-05-30 18:47 (24 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 367473 [Tenda W12 3.0.0.7(4763) /bin/httpd set_local_time_0 time memory corruption] |
|---|
| Points | 17 |
|---|