Primary

Context

Tenda AC21 Buffer Overflow Vulnerability in SetStaticRouteCfg Function

Vulnerability

Patched

A buffer overflow vulnerability has been identified in the Tenda AC21 router, affecting firmware versions through 16.03.08.16. The issue arises in the SetStaticRouteCfg function, where the sscanf function is used to parse the 'list' argument without proper bounds checking. This vulnerability can be exploited remotely, leading to a stack overflow that could potentially allow for arbitrary code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, leading to a stack overflow that can be exploited for arbitrary code execution.

Reproduction

To reproduce this vulnerability, send a crafted HTTP POST request to the '/goform/SetStaticRouteCfg' endpoint. The request must include a 'list' parameter with a value that exceeds the expected length, bypassing the lack of bounds checking in the sscanf function. This can be done using a web application testing tool or script that automates the process of sending HTTP requests.

Added: Sep 28, 2025, 2:18 AM

Updated: Sep 28, 2025, 2:18 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

7.7

relevance

0.6

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

7.7

relevance

0.6

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC21 Buffer Overflow Vulnerability in SetStaticRouteCfg Function

Vulnerability

Impact

Reproduction

Affected Products

Tenda AC21

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating