关键漏洞信息 漏洞标题 Tenda M3 V1.0.0.13(4903) Heap-based Buffer Overflow 漏洞描述 The formSetAdInfoDetail handler in /bin/httpd is vulnerable to multiple heap overflows due to the absence of user input sanitization and bounds checking on parameters adName, smsPassword, smsAccount, weixinAccount, weixinName, smsSignature, adRedirectUrl, adCopyRight, smsContent, and adItemUID. The malloc() call allocates the heap block where the overflows take place and the memcpy() calls trigger the overflow of the allocated buffer. Send a POST request to the /goform/setAdInfoDetail endpoint to trigger the heap overflow in formSetAdInfoDetails. 漏洞来源 https://github.com/dwBruijn/CVEs/blob/main/Tenda/setAdInfoDetail.md 提交者 dwbruijn (UID 93926) 提交日期 2022/12/28 05:40 PM 审核日期 2022/12/29 09:01 AM 状态 Accepted VulDB条目 338629 [Tenda M3 1.0.0.13(4903) /goform/setAdInfoDetail formSetAdInfoDetails heap-based overflow] 点数 20