CVE-2021-31755

CVSS 9.8 CRITICALEPSS 85.8%● KEVCWE-787

In short

A vulnerability in Tenda AC11 routers allows attackers to send a specially crafted request that overwrites memory on the device, letting them run malicious code with full control of the router.

Technical detail

Stack buffer overflow in the /goform/setmac endpoint (CWE-787) allows unauthenticated remote code execution via POST request with oversized input. The vulnerability affects Tenda AC11 firmware versions up to 02.03.01.104_CN, enabling arbitrary code execution with device-level privileges.

Summary generated and translated by AI from the official description.

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31755