CVE-2018-18729

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN

Description A heap-based buffer overflow issue exists in the router's web server, specifically in the httpd. The issue arises when processing the mac parameter for a post request, as its value is directly used in a strcpy to a variable on the heap. This can potentially leak sensitive information or hijack program control flow.

Recommendations For Tenda AC7 version 15.03.06.44 CN, consider restricting access to the httpd service until a patch is available. For Tenda AC9 version 15.03.05.19(6318) CN, avoid using the mac parameter in post requests to the httpd service until the issue is resolved. For Tenda AC10 version 15.03.06.23 CN, restrict access to the vulnerable httpd service to minimize the risk of exploitation. For Tenda AC15 version 15.03.05.19 CN, consider disabling the httpd service temporarily as a workaround. For Tenda AC18 version 15.03.05.19(6318) CN, limit the use of the mac parameter in the httpd service to prevent potential exploitation.