A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow.
The vulnerability exists in the SUB_0046AC38 function handling the /goform/WifiExtraSet endpoint. Sending a properly crafted value of the wpapsk_crypto argument causes a stack-based buffer overflow, which results from the lack of proper validation of input data length (CWE-120, CWE-787). Stack overwrite allows the attacker to take control of the program execution flow.
A remote unauthenticated attacker can gain full control over the device, including the ability to execute arbitrary code (RCE) with the privileges of the process handling network requests.
Apply patches available from the manufacturer according to the references. As a temporary measure, it is recommended to restrict access to the device's administrative interface only to trusted hosts on the local network and block access to the /goform/WifiExtraSet endpoint from the WAN.
Tenda AC8V4 with firmware version V16.03.34.06
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac8
HWTenda4.0Tenda Ac8 Firmware
OSTenda16.03.34.06
Related vulnerabilities
Buffer Overflow w Tenda AC8 — funkcja fromSetRouteStatic
Tenda AC8V4 — stack overflow w parametrze shareSpeed (RCE)
Buffer overflow w Tenda AC8V4 — stack overflow w funkcji get_parentControl_list_Info
Tenda AC8V4 — stack overflow przez parametr shareSpeed (RCE)
Tenda AC8v4 — stack overflow w funkcji setSchedWifi (schedEndTime)