In the absence of an official patch, network administrators should consider implementing additional security measures, such as restricting access to the router’s management interface to trusted devices only. Attackers within the same network as a vulnerable router could potentially exploit this flaw to gain complete control over the device, intercept network traffic, or use the router as a launching point for attacks against other devices on the network. As connectivity becomes increasingly ubiquitous, manufacturers must prioritize security by implementing proper input validation, using memory-safe programming practices, and responding promptly to reported vulnerabilities. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. A severe vulnerability in Tenda AC7 Routers running firmware version V15.03.06.44 allows malicious actors to execute arbitrary code and gain root shell access. The security flaw exists within the formSetFirewallCfg function of the Tenda AC7 router’s web management interface. Specifically, when the router processes firewall configuration data submitted through the web interface, it directly copies the user-supplied value into a fixed-size buffer using the strcpy function without performing appropriate boundary checks. This discovery highlights ongoing security challenges in consumer networking equipment and underscores the need for manufacturers to implement robust input validation mechanisms. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. This vulnerability has significant security implications for owners of Tenda AC7 routers. The flaw originates from a stack overflow vulnerability in the router’s formSetFirewallCfg function. The exploit consists of a Python script that sends a specially crafted HTTP POST request to the vulnerable router. More concerning, however, is that further refinement of the payload could allow attackers to maintain persistent access by establishing a root shell on the compromised device. She is covering various cyber security incidents happening in the Cyber Space. The script targets the “/goform/SetFirewallCfg” endpoint with an oversized “firewallEn” parameter, triggering the stack overflow condition.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Mar 2025 10:25:08 +0000