- Firmware download website: https://www.tendacn.com/download/detail-2722.html
W15EV1.0 V15.11.0.14
The Tenda W15EV1.0 V15.11.0.14 firmware has a stack overflow vulnerability in the `formQOSRuleDel` function. The `indexSet` variable receives the `qosIndex` parameter from a POST request and is passed directly to `strcpy`. Because the user controls the value of `qosIndex`, the statement `strcpy((char *)&input, (const char *)indexSet);` can cause a buffer overflow: a user-provided `qosIndex` can exceed the capacity of the `input` array, triggering this vulnerability.
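
The fix for this class of bug is to bound the copy and reject values that do not fit. The following is an added example, not code from the Tenda firmware: `INPUT_SIZE`, `copy_index_checked`, `handle_qos_index` and `try_length` are hypothetical names, and the buffer size is assumed because the page does not state the real capacity of `input`.

```c
#include <stdio.h>
#include <string.h>

#define INPUT_SIZE 64 /* assumed; the page does not state the real size of `input` */

/* Bounded replacement for strcpy(input, indexSet).
 * Returns 0 on success, -1 if the value is absent or does not fit.
 * Oversized input is rejected, not truncated. */
static int copy_index_checked(char *input, size_t cap, const char *indexSet)
{
    size_t len = 0;
    if (input == NULL || cap == 0)
        return -1;
    input[0] = '\0';
    if (indexSet == NULL)               /* parameter missing from the request */
        return -1;
    while (len < cap && indexSet[len] != '\0')
        len++;
    if (len == cap)                     /* no room left for the terminator */
        return -1;
    memcpy(input, indexSet, len + 1);   /* len + 1 <= cap: copies the NUL too */
    return 0;
}

/* Hypothetical handler body: a stack buffer as in the advisory,
 * but filled through the checked copy. */
int handle_qos_index(const char *qosIndex)
{
    char input[INPUT_SIZE];
    return copy_index_checked(input, sizeof input, qosIndex);
}

/* Constructed test input: a qosIndex value made of n filler bytes. */
int try_length(size_t n)
{
    char value[1024];
    if (n >= sizeof value)
        return -2;
    memset(value, 'A', n);
    value[n] = '\0';
    return handle_qos_index(value);
}

int main(void)
{
    printf("63 -> %d, 64 -> %d, 500 -> %d\n", try_length(63), try_length(64), try_length(500));
    return 0;
}
```

A handler using this pattern should return an error response to the client when the copy is rejected instead of continuing with an empty index.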