Tenda-AC9-formSetSafeWanWebMan Overview Official website: https://www.tenda.com.cn/material/show/102554 Firmware download website: https://www.tenda.com.cn/material/show/102554 Affected Version AC9 V1.0 V15.03.02.13 Vulnerability Details The Tenda AC9 V1.0 V15.03.02.13 firmware has a stack overflow vulnerability in the function. The variable receives the parameter from a POST request and is later passed to the function. In the function, the variable is passed to the function. In the function, the variable is directly assigned to by . However, since the user can control the input of , the statement can cause a buffer overflow. The user-provided can exceed the capacity of the array, triggering this security vulnerability. POC (Not shown in the screenshot)