**Key Information**

- Vendor: Tenda
- Product: AX-1806
- Version: v1.0.0.1 (Link: https://www.tenda.com.cn/download/detail-3421.html)
- Vulnerability Type: Stack Overflow
- Author: Chuanhao Wan
- Institution: Huazhong University of Science and Technology (HUST)

**Vulnerability Cause**

- In , user-controlled input for is copied into a fixed 256-byte buffer through . The "security" parameter, directly provided by the user without length restriction, can cause a buffer overflow.
- The overflow corrupts adjacent stack memory, overwrites local variables/control data, and ultimately leads to a crash and Denial of Service.

**PoC**

**Attack**

- The exploit Python script sends a large string, `"A" * 7000`, as the "security" parameter, which leaves the device inaccessible.

**Result**

- The router crashes and stops offering services.
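
A length-checked copy for the pattern described under Vulnerability Cause, given here as an added example and not code from the advisory or the firmware. `struct wifi_cfg`, `set_security`, `try_len` and the guard value are hypothetical; only the 256-byte buffer size and the 7000-character input come from the page.

```c
#include <stdio.h>
#include <string.h>

#define SECURITY_BUF_LEN 256   /* buffer size stated in the advisory */

/* Hypothetical config record; the firmware's real names are not on the page. */
struct wifi_cfg {
    char security[SECURITY_BUF_LEN];
    unsigned guard;            /* stands in for adjacent stack data */
};

/* Copy value into cfg->security only if it fits, NUL included.
 * Oversized input is rejected, not truncated. Returns 0 or -1. */
int set_security(struct wifi_cfg *cfg, const char *value)
{
    const char *end;

    if (cfg == NULL || value == NULL)
        return -1;
    /* memchr stops at the first NUL and never looks past the bound */
    end = memchr(value, '\0', SECURITY_BUF_LEN);
    if (end == NULL)
        return -1;             /* 256 or more characters: no room for NUL */
    memcpy(cfg->security, value, (size_t)(end - value) + 1);
    return 0;
}

/* Constructed input: n copies of 'A'. Returns set_security's result,
 * or -2 if the guard field changed or n is too large for the helper. */
int try_len(size_t n)
{
    static char input[8192];
    struct wifi_cfg cfg = { "", 0xC0FFEEu };
    int rc;

    if (n >= sizeof(input))
        return -2;
    memset(input, 'A', n);
    input[n] = '\0';
    rc = set_security(&cfg, input);
    return cfg.guard == 0xC0FFEEu ? rc : -2;
}

int main(void)
{
    printf("255 -> %d, 256 -> %d, 7000 -> %d\n",
           try_len(255), try_len(256), try_len(7000));
    return 0;
}
```

Rejecting the request outright, instead of silently truncating, also gives the web handler a clear point at which to log the oversized parameter.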