CVE-2018-18707

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN

Description A buffer overflow issue exists in the router's web server, specifically in the httpd. The problem arises when the ssid parameter in a post request is processed, as its value is directly used in a strcpy to a local variable on the stack. This action overrides the return address of the function, leading to a potential buffer overflow.

Recommendations For Tenda AC7 version 15.03.06.44 CN, update the firmware to a version that addresses this issue. For Tenda AC9 version 15.03.05.19(6318) CN, update the firmware to a version that addresses this issue. For Tenda AC10 version 15.03.06.23 CN, update the firmware to a version that addresses this issue. For Tenda AC15 version 15.03.05.19 CN, update the firmware to a version that addresses this issue. For Tenda AC18 version 15.03.05.19(6318) CN, update the firmware to a version that addresses this issue. As a temporary workaround, consider restricting access to the httpd service until a patch is available. Avoid using the ssid parameter in post requests to the vulnerable httpd service until the issue is resolved.