Primary

Context

Tenda F3 Buffer Overflow Vulnerability in QoS Settings

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda F3 router, specifically in versions 12.01.01.48_multi and later. The issue arises in the QoS settings management, where the QosList parameter can be manipulated to cause a buffer overflow.

Impact

Exploitation of this vulnerability leads to a buffer overflow, causing the device to crash and resulting in a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/setQos endpoint. The request must include the QosList parameter, which can be crafted to exceed the buffer limit. This overflow causes the router to crash, demonstrating the denial-of-service impact.

Added: Sep 10, 2025, 4:26 PM

Updated: Sep 10, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

9.1

remediation

6.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

9.1

remediation

6.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda F3 Buffer Overflow Vulnerability in QoS Settings

Vulnerability

Impact

Reproduction

Affected Products

Tenda F3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating