Tenda AC9 Buffer Overflow Vulnerability

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda AC9 router, specifically in version 1.0. This vulnerability arises from the device's configuration file, where the router fails to enforce length restrictions on individual fields. The issue occurs when the 'GetValue' function retrieves data from the configuration file and stores it on the stack. An attacker can exploit this by modifying the configuration file to include excessively long strings, which, when uploaded to the router, can lead to a stack-based buffer overflow. This exploitation can cause a permanent denial-of-service condition on the device.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, leading to a permanent denial-of-service condition on the device.

Added: Sep 23, 2025, 7:19 PM

Updated: Sep 23, 2025, 7:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC9 Buffer Overflow Vulnerability

Vulnerability

Impact

Affected Products

Tenda AC9

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating