Description
Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.
References (3)
Core 3
Core References
Technical Description x_refsource_misc
https://cwe.mitre.org/data/definitions/121.html
Broken Link x_refsource_misc
https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md
Scores
CVSS v3
9.8
EPSS
0.0657
EPSS Percentile
91.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (3)
tendacn/ac10u_firmware
15.03.06.48_multi_tde01
tendacn/ac9_firmware
15.03.05.19\(6318\)
tendacn/ac9_firmware
15.03.06.42_multi
Published
Oct 29, 2021
Tracked Since
Feb 18, 2026