Buffer Overflow Vulnerability in Tenda AC Series Routers
CVE-2018-14557
7.5 HIGH
Summary
A buffer overflow vulnerability exists in the web server of Tenda AC7, AC9, and AC10 routers. The flaw occurs when the server processes the page parameters of a POST request: the input is written directly to a local variable on the stack using sprintf, with no check on its length. This allows the return address of the function to be overwritten, compromising the security of the device. Users are urged to update their firmware promptly to mitigate these risks.
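The pattern the summary describes, next to a bounded form, as an added example: this is not Tenda firmware code, and the function names, the 64-byte buffer size and the format string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URL_BUF_LEN 64                 /* assumed; the real buffer size is not given */
#define URL_FMT "list.html?page=%s"    /* hypothetical format string */

/* Pattern from the summary: request text formatted into a fixed stack
 * buffer with sprintf, which never learns how large that buffer is. */
int build_url_unbounded(const char *page, char *out, size_t out_len)
{
    char url[URL_BUF_LEN];
    sprintf(url, URL_FMT, page);       /* runs past url[] when page is long */
    snprintf(out, out_len, "%s", url);
    return (int)strlen(url);
}

/* Hardened form: snprintf is given the buffer size and returns the length
 * the full string needs, so an oversized value is detected and rejected. */
int build_url_bounded(const char *page, char *out, size_t out_len)
{
    char url[URL_BUF_LEN];
    int n = snprintf(url, sizeof url, URL_FMT, page);
    if (n < 0 || (size_t)n >= sizeof url || (size_t)n >= out_len)
        return -1;                     /* does not fit: refuse, do not truncate */
    memcpy(out, url, (size_t)n + 1);
    return n;
}

int main(void)
{
    char out[URL_BUF_LEN];
    char big[201];                     /* constructed oversized parameter */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("unbounded, short: %d\n", build_url_unbounded("2", out, sizeof out));
    printf("bounded, short:   %d (%s)\n", build_url_bounded("2", out, sizeof out), out);
    printf("bounded, long:    %d\n", build_url_bounded(big, out, sizeof out));
    return 0;
}
```

Rejecting the request when the value does not fit, rather than silently truncating it, keeps the handler from acting on a partial parameter.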
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved