Key Vulnerability Information

Title: Tenda M3 V1.0.0.13(4903) Heap-based Buffer Overflow

Description:
- The formSetInternetLanInfo handler in /bin/httpd calls formSetRemoteInternetLanInfo, which is vulnerable to multiple heap overflows due to the complete absence of user input sanitization and bounds checking on the parameters portIp, portMask, portGateWay, portDns, and portSecDns.
- The vulnerability lies in memccpy() calls with no bounds checking.
- The router must be configured with ac.workmode=master (the default) for exploitation.
- A crafted POST request to the /goform/setInternetLanInfo endpoint triggers the heap overflow in formSetRemoteInternetLanInfo.

Source: https://github.com/dwBruinjn/CVEs/blob/main/Tenda/setRemoteInternetLanInfo.md
Submission: 12/28/2025 05:46 PM
Moderation Status: Accepted
VulDB Entry: 238630
Points: 20
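As an added example (not code from the advisory or from the Tenda firmware), this is a bounded way to copy the five address parameters named in the description: memccpy() is limited to the destination size, a NULL return is treated as "too long", and the value must parse as IPv4. The struct lan_info layout, its buffer sizes and the function names are assumptions.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700 /* declares memccpy() in strict -std= modes */
#endif
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record: field names mirror the request parameters; sizes assumed. */
struct lan_info {
    char portIp[INET_ADDRSTRLEN], portMask[INET_ADDRSTRLEN],
         portGateWay[INET_ADDRSTRLEN], portDns[INET_ADDRSTRLEN],
         portSecDns[INET_ADDRSTRLEN];
};

/* Returns 0 on success, -1 if src is missing, too long, or not dotted-quad IPv4. */
static int copy_ipv4_field(char *dst, size_t dst_size, const char *src)
{
    struct in_addr parsed;
    if (src == NULL || dst_size == 0)
        return -1;
    /* Copy at most dst_size bytes; NULL means no terminating NUL fit in dst. */
    if (memccpy(dst, src, '\0', dst_size) == NULL ||
        inet_pton(AF_INET, dst, &parsed) != 1) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Builds a heap record from the five parameters; NULL if any one is rejected. */
struct lan_info *lan_info_from_params(const char *ip, const char *mask,
        const char *gw, const char *dns, const char *sec_dns)
{
    struct lan_info *li = calloc(1, sizeof *li);
    if (li == NULL)
        return NULL;
    if (copy_ipv4_field(li->portIp, sizeof li->portIp, ip) ||
        copy_ipv4_field(li->portMask, sizeof li->portMask, mask) ||
        copy_ipv4_field(li->portGateWay, sizeof li->portGateWay, gw) ||
        copy_ipv4_field(li->portDns, sizeof li->portDns, dns) ||
        copy_ipv4_field(li->portSecDns, sizeof li->portSecDns, sec_dns)) {
        free(li);
        return NULL;
    }
    return li;
}
```

A request handler would call lan_info_from_params() with the raw parameter strings and answer with an error whenever it returns NULL.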