Primary

Context

Tenda AC21 Buffer Overflow Vulnerability in Parent Control Information Management

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda AC21 router running firmware version V16.03.08.16. The issue arises in the '/goform/saveParentControlInfo' endpoint, where the 'deviceId' parameter is processed by the 'httpd' binary. The vulnerability allows for a heap-based buffer overflow, which can be exploited to cause a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, causing a segmentation fault and disrupting the service.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/saveParentControlInfo' with a 'deviceId' parameter that exceeds the allocated buffer size. The 'deviceId' can be filled with a large amount of data, which will be copied into a heap buffer without proper bounds checking, leading to the buffer overflow.

Added: Nov 20, 2025, 3:19 PM

Updated: Nov 20, 2025, 4:27 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

9.1

remediation

0.0

relevance

1.1

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

9.1

remediation

0.0

relevance

1.1

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC21 Buffer Overflow Vulnerability in Parent Control Information Management

Vulnerability

Impact

Reproduction

Affected Products

Tenda AC21

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating