关键信息 Vendor: Tenda Product: AX-3 Version: v16.03.12.10_CN Vulnerability Type: Stack Overflow Vulnerability Cause The vulnerability is located in the function . The value is obtained from the HTTP request via and copied into a fixed-size buffer using . This fixed-size buffer can be overflowing by an excessively long parameter. Proof of Concept (PoC) To reproduce the vulnerability, follow these steps: 1. Boot the firmware via qemu-system or other methods. 2. Use the following Python script to launch the attack: Result The target router crashes and cannot provide services correctly and persistently.