Tenda Vulnerability

Vendor: Tenda
Product: AX-3
Version: v16.03.12.10_CN
Vulnerability Type: Stack Overflow
Author: Chuanhao Wan
Institution: Huazhong University of Science and Technology (HUST)

Vulnerability Cause

In the function , the value is retrieved from the HTTP request via and then copied into the memory region pointed to by using . Here, points to a fixed-size buffer within the stack-allocated array . Since the buffer has a limited size and performs no bounds checking, supplying an excessively long parameter allows an attacker to overflow the destination buffer. This results in writing beyond the buffer's boundaries, corrupting adjacent stack memory, and potentially overwriting variables and control data. This can lead to a crash and result in a Denial of Service (DoS) condition.

PoC

To reproduce the vulnerability, follow these steps:

1. Boot the firmware using QEMU-system or another method (real hardware).
2. Launch the following Proof-of-Concept (PoC) attack:

Result

The target router crashes and is unable to provide services correctly or persistently.
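
The bounds check that the Vulnerability Cause section reports as missing, written as a defensive pattern in an added example (not code from the firmware or from the advisory's author). The names `copy_param_checked` and `handle_request`, the sizes `SLOT_SIZE` and `SLOT_COUNT`, and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE  32  /* assumed; the advisory does not give the real size */
#define SLOT_COUNT 4   /* assumed */

/* Copy a NUL-terminated request value into a fixed-size destination.
 * Returns 0 on success, -1 if the value is missing or does not fit
 * (terminator included). Over-long input is rejected, never truncated. */
int copy_param_checked(char *dst, size_t dst_size, const char *value)
{
    if (dst == NULL || dst_size == 0 || value == NULL)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *end = memchr(value, '\0', dst_size);
    if (end == NULL) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, value, (size_t)(end - value) + 1);
    return 0;
}

/* Hypothetical handler: the parameter goes into one slot of a stack array.
 * Returns 0 and echoes the stored value to out, or -1 on rejection. */
int handle_request(const char *value, char *out, size_t out_size)
{
    char slots[SLOT_COUNT][SLOT_SIZE];
    memset(slots, 0, sizeof slots);
    if (copy_param_checked(slots[1], sizeof slots[1], value) != 0)
        return -1;  /* caller should answer with an HTTP error */
    return copy_param_checked(out, out_size, slots[1]);
}

int main(void)
{
    char out[SLOT_SIZE], big[4096];
    memset(big, 'A', sizeof big - 1);   /* constructed over-long value */
    big[sizeof big - 1] = '\0';
    printf("short value: %d\n", handle_request("192.168.0.1", out, sizeof out));
    printf("long value:  %d\n", handle_request(big, out, sizeof out));
    return 0;
}
```

Rejecting the request instead of truncating keeps a partially copied value from being stored and acted on later.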