PT-2019-9036 · Tenda · Tenda Ac9 +2

Published: 2019-04-25 · Updated: 2019-05-02 · CVE-2018-14557

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Tenda AC7 versions through V15.03.06.44 CN(AC7)
Tenda AC9 versions through V15.03.05.19(6318) CN(AC9)
Tenda AC10 versions through V15.03.06.23 CN(AC10)

Description

A buffer overflow exists in the router's web server (httpd) due to improper handling of the page parameters of a POST request. The sprintf function writes the value directly into a local variable on the stack with no length limit, so an overlong value overflows the buffer and overwrites the return address of the function.

Recommendations

For Tenda AC7 versions through V15.03.06.44 CN(AC7), update to a version later than V15.03.06.44 CN(AC7) to resolve the issue.
For Tenda AC9 versions through V15.03.05.19(6318) CN(AC9), update to a version later than V15.03.05.19(6318) CN(AC9) to resolve the issue.
For Tenda AC10 versions through V15.03.06.23 CN(AC10), update to a version later than V15.03.06.23 CN(AC10) to resolve the issue.

As a temporary workaround, consider restricting access to the router's web server (httpd) until a patch is available.
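
The coding pattern named in the Description, next to a bounded replacement, as an added example that is not Tenda's firmware code. The function names, the 32-byte buffer, the `/example/list` path and the rule that `page` must be a decimal number are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define URL_BUF 32                        /* assumed size; the advisory gives none */
#define URL_FMT "/example/list?page=%s"   /* constructed placeholder path */

/* Unsafe pattern from the description: the request value is formatted into a
 * fixed stack buffer with no length limit. dst must hold URL_BUF bytes. */
int page_url_unsafe(const char *page, char *dst)
{
    char url[URL_BUF];
    sprintf(url, URL_FMT, page);          /* long `page` writes past url[] */
    strcpy(dst, url);
    return (int)strlen(dst);
}

/* Hardened form: validate first, bound the write, treat truncation as an error.
 * Returns the URL length, or -1 if the value is rejected. */
int page_url_safe(const char *page, char *dst, size_t dstlen)
{
    char url[URL_BUF];
    size_t i;
    int n;

    if (page == NULL || page[0] == '\0')
        return -1;
    for (i = 0; page[i] != '\0'; i++)     /* assumption: page is a decimal number */
        if (!isdigit((unsigned char)page[i]))
            return -1;

    n = snprintf(url, sizeof url, URL_FMT, page);
    if (n < 0 || (size_t)n >= sizeof url || (size_t)n >= dstlen)
        return -1;                        /* would not fit: reject, never truncate */
    memcpy(dst, url, (size_t)n + 1);
    return n;
}

int main(void)
{
    char out[URL_BUF];
    char big[201];

    memset(big, '7', sizeof big - 1);     /* constructed oversized input */
    big[sizeof big - 1] = '\0';
    printf("short: %d\n", page_url_safe("3", out, sizeof out));
    printf("long:  %d\n", page_url_safe(big, out, sizeof out));
    return 0;
}
```

The hardened function rejects the request instead of silently truncating, so a caller can answer with an error rather than act on a mangled value.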

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2018-14557

Affected Products

Tenda Ac10
Tenda Ac7
Tenda Ac9