Primary

Context

Tenda O3 Stack-Based Buffer Overflow Vulnerability

Vulnerability

Patched

A stack-based buffer overflow vulnerability has been identified in the Tenda O3 router, specifically in the V1.0.0.10(2478) firmware. The issue arises in the '/goform/sysAutoReboot' endpoint, where the 'enable' POST parameter is accepted without proper length or content validation. This vulnerability can be exploited remotely, leading to potential arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution.

Reproduction

To reproduce this vulnerability, send a POST request to the '/goform/sysAutoReboot' endpoint with a crafted 'enable' parameter that exceeds the buffer limit. This can be done using a Python script that includes a payload of repeated characters. After the payload is accepted, send a POST request to the '/goform/getNetworkService' endpoint to trigger the overflow.

Added: Oct 27, 2025, 4:18 AM

Updated: Oct 27, 2025, 4:18 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.8

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.8

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda O3 Stack-Based Buffer Overflow Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Tenda O3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating