Tenda AX-1806 Vulnerability Summary Vendor: Tenda Product: AX-1806 Version: v1.0.0.1 (Link to download) Vulnerability Type: Stack Overflow Author: Shuhao Shen Institution: Huazhong University of Science and Technology (HUST) --- Vulnerability Cause The vulnerability arises in the function where the value is derived from user-controlled input. Specifically: The variable can resolve to either or depending on the context. This value is then copied into a fixed-size stack buffer (256 bytes) using , which does not perform bounds checking. If the parameter is fully controlled by a user and no maximum length is enforced, an attacker can supply a long string leading to a stack overflow. Relevant Code: --- Proof of Concept (PoC) To reproduce the vulnerability, follow these steps: 1. Boot the firmware using QEMU or a real machine. 2. Execute the provided Python script to send a malicious payload. PoC Script: --- Result The targeted router crashes due to stack overflow, resulting in a Denial of Service (DoS) condition. The logs and error messages indicate a segmentation fault and connection failure.