A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.
The vulnerability (CWE-120 — classic buffer overflow) occurs in the goform/formSetMacFilterCfg function, which is responsible for MAC address filtering configuration. An attacker can provide specially crafted input data that exceeds the size of the allocated buffer in memory. This results in overwriting adjacent memory areas, which can lead to arbitrary code execution.
An unauthenticated attacker, acting remotely over the network, can take full control of the device, access confidential data, modify its configuration, or permanently disable the router.
Security patches available from the manufacturer should be applied according to the references. It is recommended to monitor the official Tenda website at the address indicated in the references. Until a fix is released, it is recommended to restrict access to the device's administrative panel only to trusted hosts and isolate the device from untrusted networks.
Tenda AC15V1.0 with firmware version V15.03.05.18_multi
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac15
HWTenda1.0Tenda Ac15 Firmware
OSTenda15.03.05.18_multi
Related vulnerabilities
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute a...
Command injection w Tenda AC15 — brak walidacji parametru formSetIptv
Command injection w Tenda AC15 — brak walidacji parametru w formsetUsbUnload
Tenda AC15: słaby mechanizm cookie sesji ujawniający hash hasła
Buffer overflow w Tenda AC15 — przepełnienie stosu przez HTTP