# Vulnerability Overview

- **Vulnerability ID**: #798452
- **Vulnerability Title**: Tenda F456 v1.0.0.5 Stack-based Buffer Overflow
- **Vulnerability Type**: Stack buffer overflow
- **Submitter**: LzHust2 (UID 95662)
- **Submission Time**: April 7, 2020
- **Review Time**: April 25, 2020
- **Status**: Public
- **VulDB Entry**: [Tenda F456 1.0.0.5 (gofm/www/SafeMacFilter from SafeMacFilter page buffer overflow)](https://vuldb.com/?id.153300)

---

# Impact Scope

- **Affected Product**: Tenda F456 v1.0.0.5
- **Affected Component**: `gofm/www/SafeMacFilter` page in `httpd`
- **Root Cause**: The function does not enforce length limits on input when processing parameters of the `SafeMacFilter` page, leading to a buffer overflow.
- **Attack Method**: An attacker can craft malicious requests to trigger the buffer overflow, thereby executing arbitrary code or causing a denial of service (DoS).

---

# Remediation

- **Official Fix**: No specific patch or version update information provided.
- **Recommended Measures**:
  - Upgrade firmware to the latest version (if available).
  - Restrict access permissions to the `SafeMacFilter` page.
  - Perform strict validation and length limitation on input parameters.

---

# POC / Exploit Code

No specific POC code is provided on the page, but a link to the vulnerability source is given:

```
https://github.com/lengzheng/vuldb_new/blob/main/F456vul_121/README.md
```

It is recommended to visit this link for more detailed exploitation methods or PoC code.