Tenda O3V2 Buffer Overflow Vulnerability in MAC Filter Function

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda O3V2 router, version 1.0.0.12(3880). The issue is in the 'fromSafeSetMacFilter' function, which does not properly validate the 'mac' parameter. Because the input is not sanitized, a remote attacker can send excessively long data and cause a stack overflow. Exploitation can crash the router, disrupt normal service, and potentially allow arbitrary code execution.
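
The missing check, written as a bounded validation of the 'mac' value before it is copied into a fixed-size buffer. This is an added example, not Tenda's firmware code and not part of the original advisory; the colon-separated six-octet format and the names mac_is_valid and store_mac are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAC_STR_LEN 17 /* "AA:BB:CC:DD:EE:FF", terminator not counted */

/* Returns 1 only for six hex octets separated by ':' (assumed format).
 * A NUL is neither a hex digit nor ':', so the loop stops at the end of
 * a short string and never reads more than MAC_STR_LEN + 1 bytes. */
int mac_is_valid(const char *s)
{
    if (s == NULL)
        return 0;
    for (size_t i = 0; i < MAC_STR_LEN; i++) {
        if (i % 3 == 2) {
            if (s[i] != ':')
                return 0;
        } else if (!isxdigit((unsigned char)s[i])) {
            return 0;
        }
    }
    return s[MAC_STR_LEN] == '\0'; /* reject anything longer */
}

/* Hypothetical handler step: copy the request's 'mac' value into a
 * fixed-size buffer only after validation. Returns 0 on success, -1 if
 * the value is rejected (dst is then an empty string). */
int store_mac(char *dst, size_t dst_size, const char *mac_param)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (dst_size < MAC_STR_LEN + 1 || !mac_is_valid(mac_param))
        return -1;
    memcpy(dst, mac_param, MAC_STR_LEN + 1); /* 17 chars + terminator */
    return 0;
}

int main(void)
{
    char entry[MAC_STR_LEN + 1];
    char oversized[600]; /* constructed sample input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("valid: %d\n", store_mac(entry, sizeof entry, "AA:BB:CC:DD:EE:FF"));
    printf("oversized: %d\n", store_mac(entry, sizeof entry, oversized));
    return 0;
}
```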

Impact

Exploitation of this vulnerability crashes the router, resulting in a denial of service in which the device cannot provide services correctly and persistently. The buffer overflow could also allow arbitrary code execution.

Reproduction

To reproduce this vulnerability, send a POST request to the '/goform/setMacFilterList' endpoint. Include a 'mac' parameter with a payload that is excessively long. The router will crash, demonstrating the buffer overflow vulnerability.

Added: Aug 22, 2025, 6:22 PM
Updated: Aug 22, 2025, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.