A stack-based buffer overflow vulnerability exists in the formDOMAINBLK interface via the blkDomain parameter exposed through the web management interface /boaform/formDOMAINBLK of the Tenda HG10 router.
Vendor: Tenda
Product: HG10
Version: HG7_HG9_HG10re_300001138_en_xpon
Vulnerability type: Stack-based Buffer Overflow
Path: /boaform/formDOMAINBLK
Interface: formDOMAINBLK
Parameter: blkDomain
The vulnerable code copies user-controlled blkDomain input into a stack buffer without effective length validation, which may overwrite the stack frame.
An unauthenticated attacker with access to the web management interface may be able to trigger a denial of service by crashing the Boa web service or potentially execute arbitrary code depending on the runtime environment and protections.
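The fix for this class of bug is to validate the parameter before it reaches a fixed-size stack buffer. The following is an added example, not code from the firmware or the vendor: the function name copy_blk_domain, the 64-byte buffer and the DNS-name limits are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DOMAIN_MAX 253  /* assumed limit: longest DNS name in text form */
#define LABEL_MAX  63   /* assumed limit: longest single DNS label */

/* Unsafe pattern of the kind the advisory describes (hypothetical, not
 * the firmware's code): the copy length is controlled by the request.
 *     char domain[64];
 *     strcpy(domain, value);
 */

/* Validate a blkDomain value, then copy it into dst.
 * Returns 0 on success, -1 on rejection; dst is left empty on rejection. */
int copy_blk_domain(char *dst, size_t dst_size, const char *value)
{
    size_t len, label = 0;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (value == NULL)
        return -1;

    for (len = 0; value[len] != '\0'; len++) {
        unsigned char c = (unsigned char)value[len];
        /* Stop as soon as the input cannot fit; never scan it to the end. */
        if (len >= DOMAIN_MAX || len + 1 >= dst_size)
            return -1;
        if (c == '.') {
            if (label == 0) return -1;          /* empty label */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (++label > LABEL_MAX) return -1; /* label too long */
        } else {
            return -1;                          /* not a hostname character */
        }
    }
    if (label == 0) return -1;                  /* empty input or trailing dot */
    memcpy(dst, value, len + 1);                /* len + 1 <= dst_size holds here */
    return 0;
}

int main(void) {
    char domain[64];
    printf("%d\n", copy_blk_domain(domain, sizeof domain, "ads.example.com"));
    return 0;
}
```
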
This vulnerability is submitted through VulDB for CVE assignment.
Relevant screenshots and supporting materials are stored in the assets directory.