Primary

Context

Tenda TX3 Buffer Overflow Vulnerability in SetIpMacBind Function

Vulnerability

Patched

A buffer overflow vulnerability has been identified in the Tenda TX3 router, specifically in the version through 16.03.13.11_multi. The issue arises in the file '/goform/SetIpMacBind', where user-supplied input is not properly validated before being copied to a stack-based buffer. This vulnerability can be exploited remotely, potentially leading to a denial-of-service condition or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can disrupt normal operation or allow for the execution of malicious code.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/SetIpMacBind' with a crafted 'list' parameter. The payload should include 1000 'a' characters followed by a newline and 1000 'b' characters. This input will overflow the stack-based buffer, potentially leading to code execution or a denial-of-service condition.

Added: Feb 8, 2026, 6:19 AM

Updated: Feb 8, 2026, 6:19 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

8.5

remediation

7.7

relevance

2.8

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

8.5

remediation

7.7

relevance

2.8

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda TX3 Buffer Overflow Vulnerability in SetIpMacBind Function

Vulnerability

Impact

Reproduction

Affected Products

Tenda TX3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating