CVE-2018-18706

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN

Description A buffer overflow issue exists in the router's web server, specifically in the httpd component. The vulnerability occurs when the page parameter of the fromDhcpListClient function is processed for a request. The page parameter is directly used in a sprintf to a local variable on the stack, which overrides the return address of the function.

Recommendations For Tenda AC7 version 15.03.06.44 CN, consider disabling the fromDhcpListClient function until a patch is available. For Tenda AC9 version 15.03.05.19(6318) CN, restrict access to the httpd component to minimize the risk of exploitation. For Tenda AC10 version 15.03.06.23 CN, avoid using the page parameter in the affected API endpoint until the issue is resolved. For Tenda AC15 version 15.03.05.19 CN, apply configuration changes to limit the impact of the buffer overflow. For Tenda AC18 version 15.03.05.19(6318) CN, temporarily disable the httpd service to prevent potential exploitation.