| Kura | Tenda M3 V1.0.0.13(4903) Heap-based Buffer Overflow |
|---|
| Gaskiya | The formSetVlanPolicy handler in /bin/httpd is vulnerable to heap overflow due to the absence of user input sanitization and bounds checking on parameter qvlan_truck_port.
The vulnerability is in the memcpy() call performed using parameter qvlan_truck_port controlled by the user with no bounds checking.
Send a POST request to the /goform/setVlanPolicyData endpoint to trigger the heap overflow in formSetVlanPolicy |
|---|
| Manga | ⚠️ https://github.com/dwBruijn/CVEs/blob/main/Tenda/setVlanPolicy.md |
|---|
| Màdùmga | dwbruijn (UID 93926) |
|---|
| Furta | 12/28/2025 17:26 (2 Wurɗi 전) |
|---|
| Gargajiya | 12/29/2025 09:01 (16 hours later) |
|---|
| Halitta | Shingilam |
|---|
| VulDB gite | 338626 [Tenda M3 1.0.0.13(4903) setVlanPolicyData formSetVlanPolicy qvlan_truck_port Pufferüberlauf] |
|---|
| Nganji | 20 |
|---|