Tenda AX-1806 Stack Overflow Vulnerability Vendor: Tenda Product: AX-1806 Version: v1.0.0.1 Vulnerability Type: Stack Overflow Author: Shuhao Shen Vulnerability Cause In the function processing the parameter: The is obtained via and split by newline character ( ). Each line is further processed by → . In , the device name is separated from the MAC address by a carriage return ( ), and the device name string is copied to the stack buffer using without length checking. The stack buffer ( ) only has 160 bytes. If the device name exceeds 128 bytes (e.g., 156 bytes or longer), will directly overflow the stack buffer , causing a stack buffer overflow and potentially leading to code execution or denial-of-service. PoC To reproduce the vulnerability: 1. Boot the firmware in QEMU-system or real machine. 2. Use the following POC attack: Result The target router crashes and cannot provide services correctly and persistently.