Primary

Context

Tenda AC18 Stack-Based Buffer Overflow Vulnerability in WiFi Settings Function

Vulnerability

Patched

A stack-based buffer overflow vulnerability has been identified in the Tenda AC18 router, specifically in version V15.03.05.19. The issue arises in the 'form_fast_setting_wifi_set' function, where the 'ssid' parameter is processed. The function lacks proper size validation, allowing an attacker to send a crafted 'ssid' parameter that exceeds the capacity of two stack buffers, each 64 bytes. This overflow can disrupt normal service or, potentially, enable remote code execution by overwriting critical stack memory with maliciously controlled data.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to a denial-of-service condition or allow for remote code execution by manipulating stack memory.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

7.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

7.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC18 Stack-Based Buffer Overflow Vulnerability in WiFi Settings Function

Vulnerability

Impact

Affected Products

Tenda AC18

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating