A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack.
The vulnerability is located in the webCgiGetUploadFile function, which calls the socketRead function to process incoming HTTP messages. During this process, input data sizes are not properly validated, leading to stack buffer overflow. An attacker can craft a specially constructed HTTP request and send it to the device over the network without needing any privileges or user interaction.
An attacker can gain full control over the device, including the ability to execute arbitrary code (RCE), breach data confidentiality and integrity, and cause service unavailability. The network vector and lack of authentication requirements make this vulnerability particularly dangerous.
Apply patches available from the manufacturer according to the references. Until updates are deployed, it is recommended to restrict access to the device's administrative interface only to trusted IP addresses and isolate the device from untrusted networks using a firewall.
Tenda AC15 with firmware version V15.13.07.13
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac15
HWTendawszystkie wersjeTenda Ac15 Firmware
OSTenda15.13.07.13
Related vulnerabilities
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute a...
Buffer overflow w Tenda AC15 — podatność w goform/formSetMacFilterCfg
Command injection w Tenda AC15 — brak walidacji parametru w formsetUsbUnload
Command injection w Tenda AC15 — brak walidacji parametru formSetIptv
Tenda AC15: słaby mechanizm cookie sesji ujawniający hash hasła