Tenda AX-3 Vulnerability Information Vendor: Tenda Product: AX-3 Version: v16.03.12.10_CN (Link) Vulnerability Type: Stack Overflow Author: Shuhao Shen Institution: Huazhong University of Science and Technology (HUST) Vulnerability Cause The vulnerability occurs in the function where the value is obtained from the HTTP request via and copied into a memory region using . This operation can lead to a stack overflow if the parameter is overly long, causing a denial of service condition. Proof of Concept (PoC) To reproduce the vulnerability, follow these steps: 1. Boot the firmware using qemu-system or other methods (real machine). 2. Execute the following PoC attack: Result The target router crashes and cannot provide services correctly and persistently.