Primary

Context

Tenda AC10 Buffer Overflow Vulnerability in AdvSetMacMtuWan

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda AC10 router, specifically in the AdvSetMacMtuWan function. This issue arises from improper handling of the mac2 key value, leading to a stack overflow via a strcpy operation. The vulnerability is present in version V4.0si_V16.03.10.20.

Impact

Exploitation of this vulnerability causes a stack overflow, allowing for control over the program's execution flow, which could lead to arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to the AdvSetMacMtuWan endpoint with the mac2 parameter set to a string of 'a' characters, approximately 768 bytes in length. This can be done using a Python script that automates the request.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC10 Buffer Overflow Vulnerability in AdvSetMacMtuWan

Vulnerability

Impact

Reproduction

Affected Products

Tenda AC10

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating