CVE-2018-18732

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN

Description A buffer overflow issue exists in the router's web server, specifically in the httpd. The problem arises when processing the ntpServer parameter for a post request. The value of this parameter is directly used in a strcpy to a local variable on the stack, which overrides the return address of the function.

Recommendations For Tenda AC7 version 15.03.06.44 CN, avoid using the ntpServer parameter in post requests until a patch is available. For Tenda AC9 version 15.03.05.19(6318) CN, restrict access to the httpd web server to minimize the risk of exploitation. For Tenda AC10 version 15.03.06.23 CN, consider disabling the httpd service temporarily as a workaround. For Tenda AC15 version 15.03.05.19 CN, refrain from using the vulnerable httpd web server until the issue is resolved. For Tenda AC18 version 15.03.05.19(6318) CN, as a temporary measure, limit the use of the ntpServer parameter in the affected post request endpoint.