Description

A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

Related CPE's

Could not find any relations

References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/onSSIDChange/onSSIDChange.md

https://vuldb.com/?ctiid.337370

https://vuldb.com/?id.337370

https://vuldb.com/?submit.715362

https://www.tenda.com.cn/

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/onSSIDChange/onSSIDChange.md

Weaknesses

[email protected]

Secondary
CWE-119CWE-121

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Undergoing analysis

Published

2025-12-18T17:15:46.840

27 hours ago

Last modified

2025-12-19T18:00:18.330

3 hours ago