In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
The endpoint /goform/WifiBasicSet handling Wi-Fi network configuration does not properly validate the length of data passed in the 'security' parameter. Passing an appropriately crafted, excessively long value causes a stack buffer overflow (CWE-121 – Stack-based Buffer Overflow). By exploiting this, an attacker can overwrite stack control data and hijack program execution flow, leading to arbitrary code execution.
An unauthenticated remote attacker can gain full control over the device by executing arbitrary code (RCE), which threatens the confidentiality, integrity, and availability of the router and the network it supports.
Patches available from the manufacturer should be applied according to the references. Until an update is released, it is recommended to restrict access to the device management interface only to trusted hosts and to disable remote access to the administrative panel from the WAN network side.
Tenda AC9 v1.0 with firmware V15.03.05.14_multi
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac9
HWTenda1.0Tenda Ac9 Firmware
OSTenda15.03.05.14_multi
Related vulnerabilities
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firm...
Command injection w funkcji Telnet routera Tenda AC9
Command injection w Tenda AC9 — funkcja formSetSambaConf (parametr usbname)
Command injection w Tenda AC9 via parametr deviceName
Stack overflow w Tenda AC9 – RCE przez parametr rebootTime