Tenda AC1206
cpe:2.3:h:tenda:ac1206:*:*:*:*:*:*:*
- <= 15.03.06.23
A critical buffer overflow vulnerability has been identified in the Tenda AC1206 router, affecting versions through 15.03.06.23. The flaw is in the formSetCfm function of the file /goform/setcfm. It is remotely exploitable: an attacker can manipulate input to overflow a buffer, potentially leading to arbitrary code execution or a denial-of-service condition.
Exploitation of this vulnerability causes a buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition.
The vulnerability can be reproduced by sending a crafted request to the /goform/setcfm endpoint. The request must include an input buffer that exceeds the size of the output buffer, causing a buffer overflow. This can be done using a variety of tools or scripts that automate the process of sending such requests.
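For defenders who can inspect traffic to the router's management interface, the following added example (not part of the original advisory or any vendor code) flags requests to /goform/setcfm whose decoded fields are unusually long. The length threshold, the field names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/goform/setcfm"  # endpoint named in the advisory
MAX_FIELD_LEN = 256             # assumption: set just above the longest legitimate field

def oversized_fields(method, target, body=""):
    """Return [(field_name, decoded_length)] for over-long fields sent to TARGET_PATH."""
    parts = urlsplit(target)
    if unquote(parts.path).rstrip("/").lower() != TARGET_PATH:
        return []
    findings = []
    # Fields can arrive in the query string or in a form-encoded POST body.
    sources = [parts.query]
    if method.upper() == "POST":
        sources.append(body)
    for source in sources:
        # parse_qsl percent-decodes, so lengths reflect the decoded data.
        for name, value in parse_qsl(source, keep_blank_values=True):
            longest = max(len(name), len(value))
            if longest > MAX_FIELD_LEN:
                # Truncate the name so an over-long key does not flood the alert.
                findings.append((name[:32], longest))
    return findings

def scan(requests):
    """Return {request_index: findings} for the requests that need review."""
    return {i: f for i, r in enumerate(requests) if (f := oversized_fields(*r))}

# Constructed sample traffic: (method, request target, body). Field names are placeholders.
SAMPLE = [
    ("POST", "/goform/setcfm", "param1=abc&param2=1"),
    ("POST", "/goform/setcfm", "param1=abc&param2=" + "A" * 1024),
    ("GET", "/goform/setcfm?param1=" + "%41" * 300, ""),
    ("POST", "/goform/other", "param1=" + "A" * 1024),
    ("POST", "/goform/setcfm", "B" * 600),
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE).items():
        print(f"request {index}: oversized fields {findings}")
```

A hit is a reason to review the request and the device's firmware version, not proof of exploitation; legitimate long values will also match if the threshold is set too low.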