A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler.…

A stack-based buffer overflow vulnerability has been discovered in Tenda W3 router firmware version 1.0.0.3(2204). The vulnerability affects the formSetCfm function in the /goform/setcfm file of the HTTP Handler component. Attackers can exploit this flaw by manipulating the funcpara1 argument, but the attack vector is limited to the local network only. The exploit code has been publicly released, making this vulnerability particularly dangerous for affected devices. Organizations using Tenda W3 routers should prioritize patching or implementing network-level mitigations.