Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function.
The attacker sends a specially crafted network request containing an excessively long value of the shareSpeed parameter, which is processed by the sub_47D878 function without data size verification. The excess data overflows the stack buffer (stack overflow), allowing the attacker to overwrite the function's return address or other critical structures. As a result, the attacker can hijack the program's execution flow and execute arbitrary code.
An unauthenticated remote attacker can gain full control over the device by executing arbitrary code with process privileges (potentially root), which threatens the confidentiality, integrity, and availability of the system.
Apply patches available from the manufacturer according to the references. Until an update is released, it is recommended to restrict access to the device's administrative interface to trusted IP addresses only and disable remote management from the WAN side.
Tenda AC8V4 with firmware version V16.03.34.06
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac8
HWTendav4Tenda Ac8 Firmware
OSTenda16.03.34.06
Related vulnerabilities
Buffer Overflow w Tenda AC8 — funkcja fromSetRouteStatic
Buffer overflow w Tenda AC8V4 — stack overflow w funkcji get_parentControl_list_Info
Tenda AC8V4 — stack overflow przez parametr shareSpeed (RCE)
Tenda AC8V4 — stack-based buffer overflow w funkcji WifiExtraSet
Tenda AC8v4 — stack overflow w funkcji setSchedWifi (schedEndTime)