Tenda AC9 AC7 AC10 Routers are Vulnerable to Buffer Flow Resulting in a DoS

Yuan Ming of the Network and Information Security Lab at Tsinghua University in Beijing discovered a buffer overflow vulnerability in Tenda router webserver HTTPD. He discovered that the vulnerability existed when the limitSpeed and limitSpeedup parameters for a post request were processed as the value sends formatted output to a local variable string pointed to on the stack. The buffer overflow is caused in this as the return address of the function is overridden in the process

The following proof of concept of this vulnerability, also provided by Yuan Ming.

The vulnerability lies with Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices. The vulnerability has been assigned the label CVE-2018-14492.

Aaron Michael
Aaron Micheal is an electrical engineer by profession and a hard-core gamer by passion. His exceptional experience with computer hardware and profound knowledge in gaming makes him a very competent writer. What makes him unique is his growing interest in the state of the art technologies that motivates him to learn, adopt, and integrate latest techniques into his work.