Volerion logoVolerion
Volerion logoVolerion

Tenda AC8V4 Stack-Based Buffer Overflow Vulnerability in Parent Control Management

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda AC8V4 router, specifically in version V16.03.34.06. The issue arises in the '/goform/saveParentControlInfo' endpoint, where the 'time' parameter can be manipulated. The vulnerability is caused by the 'time' field being accepted without a length restriction, allowing excessively long strings to be processed by the 'sscanf' function and potentially leading to a stack overflow.

Impact

Exploitation of this vulnerability causes a stack overflow, which can commonly lead to arbitrary code execution or causing the device to crash.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/saveParentControlInfo' endpoint with a 'time' parameter that contains a long string. This can be done using a script that automates the request, such as one written in Python using the 'requests' library.

Added: Jul 24, 2025, 5:56 PM
Updated: Jul 24, 2025, 5:56 PM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
2.5
exploitability
9.1
remediation
7.7
relevance
0.3
threat
6.4
urgency
2.9
incentive
9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.