Primary

Context

Tenda AC15 Stack-Based Buffer Overflow Vulnerability in GetParentControlInfo Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda AC15 router, running firmware version 15.03.05.19. The issue arises in the GetParentControlInfo function within the file /goform/GetParentControlInfo. The vulnerability is caused by improper handling of the 'src' argument, which leads to a stack-based buffer overflow.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can potentially be exploited to execute arbitrary code.

Reproduction

The vulnerability can be reproduced by sending a GET request to the /goform/GetParentControlInfo endpoint with a crafted 'mac' parameter. The payload should be a string of 51,200 bytes, followed by the bytes representing the hexadecimal value 'efbeadde'. This request can be made using a Python script that utilizes the 'requests' library.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

7.5

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

7.5

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC15 Stack-Based Buffer Overflow Vulnerability in GetParentControlInfo Function

Vulnerability

Impact

Reproduction

Affected Products

Tenda AC15

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating