This vulnerability lies in the addWifiMacFilter function and affects the latest version of Tenda FH1203 (V2.0.1.6).
There is a stack-based buffer overflow vulnerability in function addWifiMacFilter.
The addWifiMacFilter function reads the user-provided parameter deviceId into Var. This variable is then passed to sprintf without any length check, which may overflow the stack-based buffer v8.
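The unchecked sprintf pattern described above next to a bounded, validated form, as an added example that is not taken from the Tenda firmware. The buffer size, the format string, the function names and the assumption that deviceId carries a MAC address are all hypothetical; only deviceId, v8 and sprintf come from the advisory.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_BUF_LEN 64                 /* assumed: the advisory does not give v8's size */
#define ENTRY_FMT "macfilter.entry=%s"   /* assumed: the firmware's format string is not shown */

/* Pattern the advisory describes: deviceId formatted into a fixed stack
 * buffer with no length check. Shown for contrast only; never called here. */
void format_entry_unchecked(const char *device_id)
{
    char v8[ENTRY_BUF_LEN];
    sprintf(v8, ENTRY_FMT, device_id);   /* writes past v8 when device_id is long */
    (void)v8;
}

/* Assumption: deviceId carries a MAC address written aa:bb:cc:dd:ee:ff. */
int is_mac_address(const char *s)
{
    if (s == NULL || strlen(s) != 17) return 0;
    for (int i = 0; i < 17; i++) {
        if (i % 3 == 2) { if (s[i] != ':') return 0; }
        else if (!isxdigit((unsigned char)s[i])) return 0;
    }
    return 1;
}

/* Hardened form: validate, bound the write, and treat truncation as an error.
 * Returns 0 on success, -1 if the input is rejected or the entry does not fit. */
int format_entry_checked(const char *device_id, char *out, size_t out_len)
{
    if (out == NULL || out_len == 0 || !is_mac_address(device_id)) return -1;
    int n = snprintf(out, out_len, ENTRY_FMT, device_id);
    if (n < 0 || (size_t)n >= out_len) { out[0] = '\0'; return -1; }
    return 0;
}

int main(void)
{
    char v8[ENTRY_BUF_LEN];
    char oversized[512];                          /* constructed oversized input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("valid:     %d\n", format_entry_checked("00:11:22:aa:bb:cc", v8, sizeof v8));
    printf("oversized: %d\n", format_entry_checked(oversized, v8, sizeof v8));
    return 0;
}
```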
- 2023-07-10: CVE ID assigned (CVE-2023-37701)
