Primary

Context

Tenda AC8v4 Stack Overflow Vulnerability in openSchedWifi Function

Vulnerability

A stack overflow vulnerability has been identified in the Tenda AC8v4 router, specifically in version V16.03.34.06. The issue arises in the 'setSchedWifi' function within the '/goform/openSchedWifi' file. The vulnerability allows for a stack-based buffer overflow by manipulating the 'schedStartTime' parameter in a POST request. The function does not properly validate the input, enabling the user to exceed the buffer capacity and overwrite adjacent memory.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or causing the device to crash.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/openSchedWifi' with the 'schedStartTime' parameter. The value of this parameter should be crafted to exceed 25 bytes, which will trigger the buffer overflow by overwriting the stack.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC8v4 Stack Overflow Vulnerability in openSchedWifi Function

Vulnerability

Impact

Reproduction

Affected Products

Tenda AC8v4

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating