Vulnerability Overview

- The Tenda AC21 firmware (version V16.03.08.15) contains a stack buffer overflow vulnerability. The vulnerability is located in the file within the function.

Vulnerability Details

- In the function, it calls the function and passes and as parameters.
- The variable is stored on the stack, and since it's being used in a call with concatenated to (which is the POST parameter), the call can write past the end of the variable and overflow the stack.

Vulnerability Reproduction and POC

- To reproduce the vulnerability, boot the affected firmware using or a real device.
- Send the following HTTP POST request to trigger the vulnerability: .
- The POC request body sends an excessively long value, resulting in a denial-of-service (DoS) attack.

Visual Evidence

- The screenshot shows Burp Suite Community Edition failing to connect to the target IP address due to the DoS attack, indicating successful exploitation of the vulnerability.
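
The overflow pattern described under Vulnerability Details, next to a bounded replacement, as an added example (not code from the Tenda firmware or from this advisory). The buffer size, the `prefix_` string, the sample inputs and the names `build_field` and `handle_post_param` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_BUF_SIZE 64   /* assumed size of the on-stack buffer */

/* Unsafe pattern of the kind the advisory describes (comment only):
 *     char buf[FIELD_BUF_SIZE];
 *     sprintf(buf, "%s%s", prefix, post_param);   // no bound on post_param
 * A long POST parameter writes past buf and corrupts the stack frame.
 */

/* Hardened form: bounded formatting with an explicit truncation check.
 * Returns 0 on success, -1 if the combined string does not fit.
 * On failure out is left empty so callers never use a partial value. */
int build_field(char *out, size_t outsz, const char *prefix,
                const char *post_param)
{
    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (prefix == NULL || post_param == NULL)
        return -1;

    int n = snprintf(out, outsz, "%s%s", prefix, post_param);
    if (n < 0 || (size_t)n >= outsz) {   /* encoding error or truncation */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Hypothetical request handler: rejects over-long input instead of copying. */
int handle_post_param(const char *post_param)
{
    char buf[FIELD_BUF_SIZE];            /* stack buffer, as in the advisory */
    if (build_field(buf, sizeof buf, "prefix_", post_param) != 0)
        return 400;                      /* reject: parameter too long */
    return 200;                          /* buf is complete and NUL-terminated */
}

int main(void)
{
    char long_param[512];                /* constructed over-long input */
    memset(long_param, 'A', sizeof long_param - 1);
    long_param[sizeof long_param - 1] = '\0';
    printf("short: %d\n", handle_post_param("wan0"));
    printf("long:  %d\n", handle_post_param(long_param));
    return 0;
}
```

Rejecting the request on truncation, rather than silently cutting the value, keeps the handler from acting on a parameter the client did not send.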