关键信息 TARGET Device: Tenda AC8 Firmware Version: V16.03.33.05 Vendor Website: https://www.tendacn.com/ Firmware Reference: AC8v4.0 Firmware - Tenda Global (English) BUG TYPE Vulnerability: Stack-Based Buffer Overflow Vulnerability Abstract A buffer overflow vulnerability exists in the Tenda AC8 router running firmware version V16.03.33.05. The flaw is in the interface in the embedded service, which fails to validate the parameter. An attacker can exploit this by sending a crafted HTTP request with an overly long value, potentially causing a denial-of-service. Details The issue is in the endpoint of the service, where the parameter is not effectively validated. Improper input validation allows memory corruption, leading to arbitrary code execution or device crash. Vulnerability Analysis The vulnerable code uses for unsafe string parsing and copying, leading to potential stack-based buffer overflow. The function in the binary contains the vulnerable code. POC The proof-of-concept code demonstrates how the vulnerability can be triggered by sending a crafted HTTP request. Expected Result Running the exploit results in a Segmentation Fault, confirming a serious memory safety issue.