Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tenda-AX3 缓冲区错误漏洞
Vulnerability Description
Tenda-AX3是中国腾达(Tenda)公司的一个双频无线路由器。 Tenda-AX3 存在缓冲区错误漏洞,该漏洞源于Tenda-AX3路由器V16.03.12.10_CN的formSetPPTPServer函数存在栈缓冲区溢出漏洞。
CVSS Information
N/A
Vulnerability Type
N/A