CVE-2023-51101
Description
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Tenda W9 firmware V1.0.0.7(4456)_CN has a stack overflow in formSetUplinkInfo via the /goform/setUplinkInfo endpoint, leading to remote code execution.
Vulnerability
A stack overflow vulnerability exists in the Tenda W9 router running firmware version V1.0.0.7(4456)_CN. The flaw is located in the formSetUplinkInfo function, reachable via the URL /goform/setUplinkInfo. The function does not properly validate the length of input data, allowing an attacker to overflow the stack buffer when sending a crafted POST request. [1]
Exploitation
An unauthenticated attacker on the same network can exploit this vulnerability by sending a specially crafted HTTP POST request to the /goform/setUplinkInfo endpoint. The published proof-of-concept demonstrates a payload that overwrites the return address and injects shellcode to start a telnet daemon on the router. [1]
Impact
Successful exploitation results in remote code execution as root on the Tenda W9 router. The attacker gains full control over the device, including the ability to modify system configuration, intercept network traffic, and launch further attacks. [1]
Mitigation
Tenda has not released a fixed firmware version as of the publication date (2023-12-26). Users should consider isolating the router from untrusted networks and monitoring for any vendor updates. No workaround is currently available. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Tenda/W9
Patches
No patches discovered yet.
References