Описание
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2026-4008
- https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formwrlSSIDset-go-buffer-overflow
- https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formwrlSSIDset-index-buffer-overflow
- https://vuldb.com/?ctiid.350531
- https://vuldb.com/?id.350531
- https://vuldb.com/?submit.769182
- https://vuldb.com/?submit.769183
- https://www.tenda.com.cn
Связанные уязвимости
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Уязвимость функции formwrlSSIDset() микропрограммного обеспечения беспроводных точек доступа Tenda W3, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации