Tenda AC7 Buffer Overflow Vulnerability in timeZone Parameter Allowing Remote Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda AC7 router, specifically in version 1.0, release V15.03.06.44. The issue arises in the form_fast_setting_wifi_set function, where the timeZone parameter is improperly handled, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability can result in remote code execution on the affected device.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the router's web interface with a timeZone parameter that exceeds the expected input length, which overflows the buffer in the form_fast_setting_wifi_set function. Once the buffer overflow is triggered, it can be exploited to execute arbitrary code on the device.
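The root cause described above is a request value reaching a fixed-size buffer without a length check. The following C sketch is an added example, not code from the Tenda firmware or from this advisory; it shows the length-then-format validation that prevents this bug class. The "+HH:MM" value format, the TZ_MAX_LEN constant and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define TZ_MAX_LEN 6  /* assumed longest valid value, e.g. "+08:00" (constructed format) */

/* Bug class from the advisory, shown only as a comment:
 *     char tz[TZ_MAX_LEN + 1];
 *     strcpy(tz, request_value);   // no length check: long input overruns tz[]
 */

/* Parse exactly two decimal digits; return the value, or -1 if invalid or > max. */
static int two_digits(const char *p, int max)
{
    int v;
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9')
        return -1;
    v = (p[0] - '0') * 10 + (p[1] - '0');
    return v <= max ? v : -1;
}

/* Hardened handling (hypothetical helper): reject by length first, then by
 * format, and only then copy. Returns 0 and fills out[] on success,
 * -1 on any rejected input. out[] is left untouched on rejection. */
int tz_validate_copy(const char *value, char out[TZ_MAX_LEN + 1])
{
    const char *nul;

    if (value == NULL || out == NULL)
        return -1;
    /* Search for the terminator inside the allowed window only, so an
     * oversized value is never scanned or copied past the limit. */
    nul = memchr(value, '\0', TZ_MAX_LEN + 1);
    if (nul == NULL || (size_t)(nul - value) != TZ_MAX_LEN)
        return -1;                       /* too long or too short */
    if (value[0] != '+' && value[0] != '-')
        return -1;
    if (two_digits(value + 1, 14) < 0 || value[3] != ':' ||
        two_digits(value + 4, 59) < 0)
        return -1;
    memcpy(out, value, TZ_MAX_LEN + 1);  /* length proven above, includes NUL */
    return 0;
}
```

The length check runs before any byte is written to the destination, so rejection never depends on how the rest of the handler treats the value.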

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.