Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.
[
{
"cpes": [
"cpe:2.3:o:tenda:ax1806_firmware:1.0.0.1:*:*:*:*:*:*:*"
],
"vendor": "tenda",
"product": "ax1806_firmware",
"versions": [
{
"status": "affected",
"version": "1.0.0.1"
}
],
"defaultStatus": "unknown"
}
]