A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.
The vulnerability occurs in the fromAdvSetMacMtuWan function inside the device's bin httpd process. An attacker sends a crafted HTTP POST request to the /goform/AdvSetMacMtuWan endpoint, intentionally passing an excessively long or maliciously formatted value in the serviceName field. This causes a buffer overflow (CWE-120), leading to memory corruption in the process. As a result, it is possible to either crash the device or take control over the code execution flow.
An attacker can cause device unavailability (DoS) or execute arbitrary code on the vulnerable router with httpd process privileges, which in practice means complete compromise of the device.
Patches available from the manufacturer should be applied according to the references. Until updates are released, it is recommended to restrict access to the router's administrative interface only to trusted hosts and block access to the /goform/AdvSetMacMtuWan endpoint from external networks.
Tenda AC10V4.0 with firmware version V16.03.10.20
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac10
HWTenda4.0Tenda Ac10 Firmware
OSTenda16.03.10.20
Related vulnerabilities
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firm...
Buffer Overflow w Tenda AC10 — handler formSetPPTPUserList
Buffer overflow w Tenda AC10 – podatność w funkcji AdvSetMacMtuWan (mac2)
Command injection w Tenda AC10 — zdalne wykonanie kodu przez formexeCommand
Buffer Overflow w Tenda AC10 – parametr ssid w form_fast_setting_wifi_set