Buffer Overflow Vulnerability in Tenda AC Series Routers
CVE-2018-18709

7.5HIGH

Key Information:

Vendor: Tenda
Status: Ac7 Firmware
Vendor: CVE Published:; 29 October 2018

Summary

A buffer overflow vulnerability has been identified in Tenda AC series routers, specifically through the web server ('httpd'). When handling POST requests containing the 'firewallEn' parameter, the software improperly utilizes this parameter in a strcpy function. This mishandling enables attackers to overflow the stack, allowing for the potential overwrite of critical return addresses within the function, thus posing a significant security risk.

References

https://github.com/zsjevilhex/iot/blob/master/route/tenda...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2018
Vulnerability Reserved
Oct 27, 2018