CVE-2018-18708

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN

Description A buffer overflow issue exists in the router's web server, specifically in the httpd component. This occurs when the page parameter of the fromAddressNat function is processed for a post request. The value is directly used in a sprintf to a local variable on the stack, which overrides the return address of the function.

Recommendations For Tenda AC7 version 15.03.06.44 CN, update the firmware to a version that fixes the buffer overflow vulnerability in the httpd component. For Tenda AC9 version 15.03.05.19(6318) CN, update the firmware to a version that fixes the buffer overflow vulnerability in the httpd component. For Tenda AC10 version 15.03.06.23 CN, update the firmware to a version that fixes the buffer overflow vulnerability in the httpd component. For Tenda AC15 version 15.03.05.19 CN, update the firmware to a version that fixes the buffer overflow vulnerability in the httpd component. For Tenda AC18 version 15.03.05.19(6318) CN, update the firmware to a version that fixes the buffer overflow vulnerability in the httpd component. As a temporary workaround, consider restricting access to the fromAddressNat function until a patch is available. Avoid using the page parameter in the affected post request until the issue is resolved.