Primary

Context

Tenda AC8V4 Stack-Based Buffer Overflow Vulnerability in WiFi Settings

Vulnerability

Patched

A stack-based buffer overflow vulnerability has been identified in the Tenda AC8V4 router, specifically in version V16.03.34.06. The issue arises within the '/goform/fast_setting_wifi_set' endpoint, where the 'timeZone' parameter can be manipulated. This unrestricted input is processed by the 'form_fast_setting_wifi_set' function, leading to the overflow.

Impact

Exploitation of this vulnerability causes a stack overflow, which can potentially be leveraged for arbitrary code execution.

Reproduction

To reproduce this vulnerability, send a POST request to the '/goform/fast_setting_wifi_set' endpoint. Include a 'ssid' parameter with a placeholder value and a 'timeZone' parameter filled with a crafted string that exceeds the buffer limit, such as 1000 bytes of 'A'.

Added: Jul 24, 2025, 6:01 PM

Updated: Jul 24, 2025, 6:01 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.3

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.3

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC8V4 Stack-Based Buffer Overflow Vulnerability in WiFi Settings

Vulnerability

Impact

Reproduction

Affected Products

Tenda AC8V4

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating