Primary

Context

Tenda F3 Buffer Overflow Vulnerability in NAT Configuration

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda F3 router, specifically in versions 12.01.01.48_multi and later. The issue arises in the NAT configuration form, where the macFilterList parameter can be exploited.

Impact

Exploitation of this vulnerability leads to a buffer overflow, causing the device to crash and creating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/setNAT endpoint. The request must include a crafted macFilterList parameter that exceeds the buffer capacity, along with other required parameters for the NAT configuration.

Added: Sep 10, 2025, 4:25 PM

Updated: Sep 10, 2025, 8:27 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda F3 Buffer Overflow Vulnerability in NAT Configuration

Vulnerability

Impact

Reproduction

Affected Products

Tenda F3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating