Primary

Context

Tenda F3 Buffer Overflow Vulnerability in Parent Control Management

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda F3 router, specifically in versions V12.01.01.48_multi and later. The issue arises in the 'goform/setParentControl' endpoint, where the 'onlineList' parameter can be manipulated to cause a buffer overflow.

Impact

Exploitation of this vulnerability leads to a buffer overflow, causing the device to crash and creating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/setParentControl' endpoint. The request must include the 'onlineList' parameter, which should be crafted to overflow the buffer. This can be done by appending a large amount of data after a valid input, such as a MAC address or IP address, effectively overwriting adjacent memory and causing the device to crash.

Added: Sep 10, 2025, 4:25 PM

Updated: Sep 10, 2025, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda F3 Buffer Overflow Vulnerability in Parent Control Management

Vulnerability

Impact

Reproduction

Affected Products

Tenda F3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating