Tenda AX-3 Vulnerability

Vendor: Tenda
Product: AX-3
Version: v16.03.12.10_CN (https://www.tenda.com.cn/material/show/3238)
Vulnerability Type: Stack Overflow
Author: Shuhao Shen
Institution: Huazhong University of Science and Technology (HUST)

Vulnerability Cause

In the function, the parameter is propagated to the function via the parameter without any length restriction on the parameter. The buffer size of the target parameter is 16 bytes. By crafting a request that passes the check, this can lead to a stack overflow, resulting in a Denial of Service (DoS) attack.

Vulnerable Code Snippet

Proof of Concept (PoC)

To reproduce the vulnerability, the following steps can be followed:

1. Boot the firmware with qemu-system or by other means (e.g. a real device).
2. Attack with the following PoC script:

Result

The target router crashes and cannot provide services correctly and persistently.
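The root cause described under Vulnerability Cause is an unbounded copy of a request value into a 16-byte stack buffer. The following is an added example, not Tenda's firmware code and not part of the original advisory, contrasting that pattern with a length-checked copy. All function names, the parameter name "param" and the request bodies are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DST_SIZE 16  /* destination buffer size stated in the advisory */

/* Hypothetical helper: locate "name=value" in a form-encoded body.
 * Returns a pointer to the value and stores its length in *len. */
static const char *get_param(const char *body, const char *name, size_t *len) {
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            *len = strcspn(v, "&");      /* value ends at '&' or end of body */
            return v;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return NULL;
}

/* Unsafe pattern: the length is never compared with the destination size,
 * so any value of DST_SIZE bytes or more writes past dst. */
void copy_unbounded(char dst[DST_SIZE], const char *value) {
    strcpy(dst, value);
}

/* Hardened form: reject a missing or oversize value before copying.
 * Returns 0 on success, -1 when the request must be refused. */
int copy_checked(char dst[DST_SIZE], const char *body, const char *name) {
    size_t len;
    const char *v = get_param(body, name, &len);
    if (v == NULL || len >= DST_SIZE)    /* keep one byte for the NUL */
        return -1;
    memcpy(dst, v, len);
    dst[len] = '\0';
    return 0;
}

int main(void) {
    char buf[DST_SIZE];
    /* Constructed request bodies; "param" is a placeholder name. */
    printf("short value -> %d\n", copy_checked(buf, "op=set&param=aabbccddeeff", "param"));
    printf("long value  -> %d\n",
           copy_checked(buf, "op=set&param=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "param"));
    return 0;
}
```

Refusing the request is safer than silently truncating, since a truncated value may still be acted on by later code.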