CVE-2023-27013
Tenda AC10 Unauthorized stack overflow vulnerability
1. Affected version:
US_AC10V4.0si_V16.03.10.13_cn
2. Firmware download address
3. Vulnerability details
The function "get_parentControl_list_Info" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
4. Recurring vulnerabilities and POC
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
5. Author
Drizzling_Sun @KRlab

