Primary

Context

Tenda AC10 Buffer Overflow Vulnerability in AdvSetMacMtuWan

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda AC10 router, specifically in the firmware version V4.0si_V16.03.10.20. The vulnerability arises in the AdvSetMacMtuWan function, where the wanMTU2 parameter can be manipulated to cause a stack overflow. This overflow allows remote, unauthenticated attackers to hijack the program's control flow.

Impact

Exploitation of this vulnerability leads to a stack overflow, causing a segmentation fault and allowing for control over the program's execution flow.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'AdvSetMacMtuWan' endpoint with the 'wanMTU2' parameter set to a value that exceeds the buffer size, such as a string of 'a' characters. This can be done using a Python script that automates the request.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC10 Buffer Overflow Vulnerability in AdvSetMacMtuWan

Vulnerability

Impact

Reproduction

Affected Products

Tenda AC10

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating