Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.
The vulnerability is a classic buffer overflow (CWE-120) — lack of proper validation of input data length for the mac2 parameter sent to the AdvSetMacMtuWan function. An attacker can provide specially crafted data that will overflow the stack buffer, overwriting critical memory areas. The attack is possible remotely, without authentication and without user interaction, making it particularly dangerous in network-exposed environments.
An attacker can gain full control of the device, leading to a breach of confidentiality, integrity and availability of the system, including potential arbitrary code execution (RCE) or permanent damage to the device.
Apply patches available from the manufacturer according to the references. Until an update is released, it is recommended to restrict access to the device's administrative interface only to trusted local networks and block access from the Internet using a firewall.
Tenda AC10 firmware version V4.0si_V16.03.10.20
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac10
HWTenda4.0Tenda Ac10 Firmware
OSTenda16.03.10.20
Related vulnerabilities
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firm...
Buffer overflow w Tenda AC10 – RCE i DoS przez pole serviceName
Buffer Overflow w Tenda AC10 — handler formSetPPTPUserList
Buffer Overflow w Tenda AC10 – parametr ssid w form_fast_setting_wifi_set
Command injection w Tenda AC10 — zdalne wykonanie kodu przez formexeCommand