Primary

Context

Tenda AC8 Buffer Overflow Vulnerability in WifiBasicSet Function

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda AC8 router, specifically in version 16.03.34.06. The issue arises within the WifiBasicSet function, where the security and security_5g parameters can be exploited to cause a stack overflow. This vulnerability was confirmed through code auditing and real-world testing.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing the router to crash and disconnect all connected devices. The router cannot be reconnected even after a reboot.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/WifiBasicSet' endpoint with a sufficiently long payload in the 'security' parameter. This causes the router to crash and disconnect all devices.

Added: Sep 3, 2025, 4:26 PM

Updated: Sep 3, 2025, 8:28 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC8 Buffer Overflow Vulnerability in WifiBasicSet Function

Vulnerability

Impact

Reproduction

Affected Products

Tenda AC8

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating