以下是关于漏洞的关键信息,使用简洁的Markdown格式呈现: --- 漏洞信息 标题 Tenda M3 V1.0.0.13(4903) Stack-based Buffer Overflow 描述 问题描述: the formexeCommand handler in is vulnerable to stack overflow due to the complete absence of user input sanitization and bounds checking on parameter which can lead to corruption of data on the stack, hijacking of control flow, and DoS. The attack can be performed remotely. 具体位置: The vulnerability is in the call with no bounds checking. 触发方法: Send a POST request to the endpoint to trigger the buffer overflow. 源码链接  https://github.com/dwbruijn/CVEs/blob/main/Tenda/execCommand.md 用户信息  dwbruijn (UID 93926) 提交与审核信息 提交日期: 12/28/2025 05:52 PM (6 days ago) 审核日期: 12/29/2025 10:17 AM (16 hours later) 状态:  Accepted 相关条目 VulDB entry:  338643 [Tenda M3 1.0.0.13(4903) /goform/exeCommand cmdinput stack-based overflow] 其他 Points: 20 ---