Primary

Context

Tenda F3 Buffer Overflow Vulnerability in WiFi Time Management

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda F3 router, specifically in versions V12.01.01.48_multi and later. The issue arises in the WiFi time management feature, where the 'wifiTimeClose' parameter in the 'goform/setWifi' endpoint can be exploited.

Impact

Exploitation of this vulnerability leads to a buffer overflow, causing the device to crash and creating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'goform/setWifi' endpoint. The request must include the 'wifiTimeClose' parameter, which should be crafted to overflow the buffer. This can be done by appending a large amount of data after a valid time range, such as '00:00-07:00'.

Added: Sep 10, 2025, 4:24 PM

Updated: Sep 10, 2025, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

9.1

remediation

6.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

9.1

remediation

6.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda F3 Buffer Overflow Vulnerability in WiFi Time Management

Vulnerability

Impact

Reproduction

Affected Products

Tenda F3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating