Buffer Overflow Vulnerability in Tenda G1 and G3 Routers
CVE-2021-27706

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: G1 Firmware
Vendor: CVE Published:; 14 April 2021

What is CVE-2021-27706?

A buffer overflow vulnerability exists in Tenda G1 and G3 routers when processing crafted requests. The flaw arises in the 'formIPMacBindDel' function, where user-controlled input is passed to the 'strcpy' function without proper bounds checking. Exploiting this vulnerability could allow remote attackers to execute arbitrary code on the affected devices, posing significant risks to network security and user data.

References

https://hackmd.io/BhzJ4H20TjqKUiBrDOIKaw

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2021
Vulnerability Reserved
Feb 25, 2021