Buffer Overflow Vulnerability in Tenda AC Series Routers
CVE-2018-18730
7.5 HIGH
What is CVE-2018-18730?
A buffer overflow exists in the web server (httpd) of Tenda's AC series routers, in the handling of the 'startIp' and 'endIp' parameters of POST requests. The values of these parameters are used directly in a sprintf call, which can overwrite the function's return address. An attacker could exploit this flaw to execute arbitrary code on the device or disrupt its operation, posing significant security risks.
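The following is an added example, not code from the Tenda firmware: it shows the bounded, validated form of the string construction described above. The function names, the 64-byte buffer size and the "%s-%s" format string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

#define RANGE_BUF_LEN 64 /* assumed size; the firmware's real buffer size is not given */

/* Hypothetical helper: accept only a well-formed dotted-quad IPv4 string. */
static int is_ipv4(const char *s)
{
    struct in_addr addr;
    if (s == NULL || strlen(s) >= INET_ADDRSTRLEN) /* reject oversized input early */
        return 0;
    return inet_pton(AF_INET, s, &addr) == 1;
}

/* Pattern the advisory describes, for contrast only (constructed format string):
 *     sprintf(buf, "%s-%s", startIp, endIp);   -- input length never checked */

/* Hardened form: validate both parameters, bound the write and treat
 * truncation as an error. Returns 0 on success, -1 when input is rejected. */
int build_ip_range(char *out, size_t out_len, const char *start_ip, const char *end_ip)
{
    int n;
    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    if (!is_ipv4(start_ip) || !is_ipv4(end_ip))
        return -1;
    n = snprintf(out, out_len, "%s-%s", start_ip, end_ip);
    if (n < 0 || (size_t)n >= out_len) { /* would not fit: fail closed */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[RANGE_BUF_LEN];
    char oversized[512]; /* constructed oversized parameter value */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    int ok = build_ip_range(buf, sizeof buf, "192.168.0.100", "192.168.0.200");
    printf("valid input:     %d (%s)\n", ok, buf);
    printf("oversized input: %d\n", build_ip_range(buf, sizeof buf, oversized, "192.168.0.200"));
    return 0;
}
```

Validating the parameters as IPv4 addresses caps their length before any copy happens, and the snprintf return-value check catches a destination buffer that is too small even for valid input.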