Tenda Vulnerability Vendor: Tenda Product: O3V2 Version: 1.0.0.12 (3880) Type: Stack Overflow Author: Jiaqian Peng Mail: pengjiaqian@ie.ac.cn Institution: Institute of Information Engineering, Chinese Academy of Sciences (IIE, CAS) Vulnerability Description We found a stack overflow vulnerability in Tenda router with firmware which was released recently, allowing remote attackers to crash the server. Stack Overflow In the binary: In the router's function, is directly passed by the attacker. If this part of the data is too long, it will cause the stack overflow, so we can control the to execute arbitrary code. Supplement In order to avoid such problems, we believe that the string content should be checked in the input extraction part. PoC We set as , and the router will crash, such as: Result The target router crashes and cannot provide services correctly and persistently.