Buffer Overflow Vulnerability in Tenda Router Web Server
CVE-2018-18727
7.5 HIGH
Summary
A buffer overflow has been identified in the web server (httpd) of specific Tenda router models. When the server processes the 'deviceList' parameter of a POST request, the value is used unsafely in a strcpy call. This can corrupt stack memory and lets an attacker manipulate the return address of the executing function, potentially enabling unauthorized actions on the affected devices.
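The copy pattern described in the summary, next to a bounded replacement, as an added example that is not code from the Tenda firmware or from this advisory. The function names and the 64-byte buffer size are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define DEVICE_LIST_MAX 64  /* hypothetical size, not taken from the firmware */

/* Pattern from the summary: the request parameter is copied into a fixed-size
 * stack buffer with strcpy, which stops only at the NUL terminator. A value of
 * DEVICE_LIST_MAX bytes or more overwrites adjacent stack data, including the
 * saved return address. Shown for comparison only. */
size_t parse_device_list_unsafe(const char *value)
{
    char buf[DEVICE_LIST_MAX];
    strcpy(buf, value);                 /* no bound on the copy */
    return strlen(buf);
}

/* Hardened form: measure the input against the destination first and reject
 * anything that does not fit, rather than truncating silently.
 * Returns 0 on success, -1 on rejection. */
int copy_device_list(char *dst, size_t dst_size, const char *value)
{
    size_t len;

    if (dst == NULL || dst_size == 0 || value == NULL)
        return -1;
    /* Scan at most dst_size bytes of the input. */
    for (len = 0; len < dst_size && value[len] != '\0'; len++)
        ;
    if (len == dst_size)                /* no room left for the terminator */
        return -1;
    memcpy(dst, value, len);
    dst[len] = '\0';
    return 0;
}

/* Handler-shaped wrapper: returns the accepted length, or -1 when the value is
 * rejected and the request should be answered with an error. */
int parse_device_list_safe(const char *value)
{
    char buf[DEVICE_LIST_MAX];

    if (copy_device_list(buf, sizeof buf, value) != 0)
        return -1;
    return (int)strlen(buf);
}
```
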
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved