Tenda AC18 Stack Overflow Vulnerability in formSetSpeedWan Function

Vulnerability

A stack overflow vulnerability has been identified in the Tenda AC18 router, specifically in the V15.03.05.19 firmware. The issue arises in the formSetSpeedWan function, where the speed_dir parameter is extracted from a POST request without adequate validation. This unvalidated input is then used in a sprintf function, allowing an attacker to craft a specific speed_dir value that overflows the stack buffer. The exploitation of this vulnerability can lead to a crash of the affected function or the entire device, causing a denial-of-service condition. Notably, this vulnerability can be exploited remotely by an unauthenticated attacker.

Impact

Exploitation of this vulnerability causes a stack overflow, leading to a crash of the affected function or the entire device, creating a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

7.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

7.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC18 Stack Overflow Vulnerability in formSetSpeedWan Function

Vulnerability

Impact

Affected Products

Tenda AC18

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating