Remote Code Execution Vulnerability in Tenda G1 and G3 Routers with Firmware v15.11.0.17(9502)_CN
CVE-2021-27705 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without limit.
Learn more about our Web Application Penetration Testing UK.