Nixpkgs security tracker
8.8 HIGH
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Tenda W3 HTTP setcfm formSetCfm stack-based overflow
A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used.
References
-
-
-
Submit #769172 | Tenda W3 V1.0.0.3(2204) Buffer Overflow third-party-advisory
-
https://www.tenda.com.cn/ product
Affected products
- ==1.0.0.3(2204)
Matching in nixpkgs
pkgs.gaw
Gtk Analog Wave viewer
pkgs.w3m
Text-mode web browser
pkgs.Xaw3d
3D widget set based on the Athena Widget set
pkgs.pw3270
3270 Emulator for gtk
pkgs.revpfw3
Reverse proxy to bypass the need for port forwarding
pkgs.w3m-nox
Text-mode web browser
pkgs.ilspycmd
Tool for decompiling .NET assemblies and generating portable PDBs
pkgs.libxaw3d
3D appearance variant of the X Athena Widget Set
pkgs.w3m-full
Text-mode web browser
pkgs.sparrow3d
A software renderer for different open handhelds like the gp2x, wiz, caanoo and pandora
-
nixos-unstable 2020-10-06
- nixpkgs-unstable 2020-10-06
- nixos-unstable-small 2020-10-06
-
nixos-25.11 2020-10-06
- nixos-25.11-small 2020-10-06
- nixpkgs-25.11-darwin 2020-10-06
pkgs.w3m-batch
Text-mode web browser
pkgs.libgtkflow3
Flow graph widget for GTK 3
pkgs.w3m-nographics
Text-mode web browser
pkgs.python312Packages.w3lib
Library of web-related functions
-
nixos-25.11 w3lib-2.3.1
- nixos-25.11-small w3lib-2.3.1
- nixpkgs-25.11-darwin w3lib-2.3.1
pkgs.python313Packages.w3lib
Library of web-related functions
-
nixos-unstable w3lib-2.3.1
- nixpkgs-unstable w3lib-2.3.1
- nixos-unstable-small w3lib-2.3.1
-
nixos-25.11 w3lib-2.3.1
- nixos-25.11-small w3lib-2.3.1
- nixpkgs-25.11-darwin w3lib-2.3.1
pkgs.python314Packages.w3lib
Library of web-related functions
-
nixos-unstable w3lib-2.3.1
- nixpkgs-unstable w3lib-2.3.1
- nixos-unstable-small w3lib-2.3.1
pkgs.tests.fetchzip.postFetch
None
-
nixos-unstable 3cw3svf714i8
- nixpkgs-unstable 3cw3svf714i8
- nixos-unstable-small 3cw3svf714i8
pkgs.perlPackages.W3CLinkChecker
W3C Link Checker
-
nixos-unstable W3C-LinkChecker-5.0.0
- nixpkgs-unstable W3C-LinkChecker-5.0.0
- nixos-unstable-small W3C-LinkChecker-5.0.0
-
nixos-25.11 W3C-LinkChecker-5.0.0
- nixos-25.11-small W3C-LinkChecker-5.0.0
- nixpkgs-25.11-darwin W3C-LinkChecker-5.0.0
pkgs.perl5Packages.W3CLinkChecker
W3C Link Checker
-
nixos-unstable W3C-LinkChecker-5.0.0
- nixpkgs-unstable W3C-LinkChecker-5.0.0
- nixos-unstable-small W3C-LinkChecker-5.0.0
pkgs.tests.fetchurl.hashedMirrors
None
-
nixos-unstable jlsriwxk0w3v
- nixpkgs-unstable jlsriwxk0w3v
- nixos-unstable-small jlsriwxk0w3v
-
nixos-25.11 ww3m898lak6d
- nixos-25.11-small ww3m898lak6d
- nixpkgs-25.11-darwin ww3m898lak6d
pkgs.tests.fetchgit.sparseCheckout
None
-
nixos-25.11 1y4asnkgw37p
- nixos-25.11-small 1y4asnkgw37p
- nixpkgs-25.11-darwin 1y4asnkgw37p
pkgs.perl538Packages.W3CLinkChecker
W3C Link Checker
-
nixos-25.11 W3C-LinkChecker-5.0.0
- nixos-25.11-small W3C-LinkChecker-5.0.0
- nixpkgs-25.11-darwin W3C-LinkChecker-5.0.0
pkgs.perl540Packages.W3CLinkChecker
W3C Link Checker
-
nixos-25.11 W3C-LinkChecker-5.0.0
- nixos-25.11-small W3C-LinkChecker-5.0.0
- nixpkgs-25.11-darwin W3C-LinkChecker-5.0.0
pkgs.tests.fetchFromGitHub.leave-git
None
-
nixos-25.11 1qjd2liw3yr9
- nixos-25.11-small 1qjd2liw3yr9
- nixpkgs-25.11-darwin 1qjd2liw3yr9
pkgs.perlPackages.DateTimeFormatW3CDTF
Parse and format W3CDTF datetime strings
-
nixos-unstable W3CDTF-0.08
- nixpkgs-unstable W3CDTF-0.08
- nixos-unstable-small W3CDTF-0.08
-
nixos-25.11 W3CDTF-0.08
- nixos-25.11-small W3CDTF-0.08
- nixpkgs-25.11-darwin W3CDTF-0.08
pkgs.ocamlPackages.lablgtk3-sourceview3
OCaml interface to GTK 3
-
nixos-unstable lablgtk3-sourceview3-3.1.5
- nixpkgs-unstable lablgtk3-sourceview3-3.1.5
- nixos-unstable-small lablgtk3-sourceview3-3.1.5
-
nixos-25.11 lablgtk3-sourceview3-3.1.5
- nixos-25.11-small lablgtk3-sourceview3-3.1.5
- nixpkgs-25.11-darwin lablgtk3-sourceview3-3.1.5
pkgs.perl5Packages.DateTimeFormatW3CDTF
Parse and format W3CDTF datetime strings
-
nixos-unstable W3CDTF-0.08
- nixpkgs-unstable W3CDTF-0.08
- nixos-unstable-small W3CDTF-0.08
pkgs.chickenPackages_5.chickenEggs.glfw3
Bindings to the GLFW3 OpenGL window and event management library
-
nixos-unstable glfw3-0.7.1
- nixpkgs-unstable glfw3-0.7.1
- nixos-unstable-small glfw3-0.7.1
-
nixos-25.11 glfw3-0.7.1
- nixos-25.11-small glfw3-0.7.1
- nixpkgs-25.11-darwin glfw3-0.7.1
pkgs.perl538Packages.DateTimeFormatW3CDTF
Parse and format W3CDTF datetime strings
-
nixos-25.11 W3CDTF-0.08
- nixos-25.11-small W3CDTF-0.08
- nixpkgs-25.11-darwin W3CDTF-0.08
pkgs.perl540Packages.DateTimeFormatW3CDTF
Parse and format W3CDTF datetime strings
-
nixos-25.11 W3CDTF-0.08
- nixos-25.11-small W3CDTF-0.08
- nixpkgs-25.11-darwin W3CDTF-0.08
pkgs.perlPackages.WebServiceValidatorHTMLW3C
Access the W3Cs online HTML validator
pkgs.perl5Packages.WebServiceValidatorHTMLW3C
Access the W3Cs online HTML validator
pkgs.ocamlPackages_latest.lablgtk3-sourceview3
OCaml interface to GTK 3
-
nixos-unstable lablgtk3-sourceview3-3.1.5
- nixpkgs-unstable lablgtk3-sourceview3-3.1.5
- nixos-unstable-small lablgtk3-sourceview3-3.1.5
pkgs.perl538Packages.WebServiceValidatorHTMLW3C
Access the W3Cs online HTML validator
pkgs.perl540Packages.WebServiceValidatorHTMLW3C
Access the W3Cs online HTML validator
pkgs.haskellPackages.hs-opentelemetry-propagator-w3c
Trace propagation via HTTP headers following the w3c tracestate spec
-
nixos-unstable w3c-0.1.0.0
- nixpkgs-unstable w3c-0.1.0.0
- nixos-unstable-small w3c-0.1.0.0
-
nixos-25.11 w3c-0.1.0.0
- nixos-25.11-small w3c-0.1.0.0
- nixpkgs-25.11-darwin w3c-0.1.0.0
Package maintainers
-
@fedeinthemix Federico Beffa <beffa@fbengineering.ch>
-
@emilytrau Emily Trau <emily+nix@downunderctf.com>
-
@grindhold grindhold <grindhold+nix@skarphed.org>
-
@vifino Adrian Pistol <vifino@tty.sh>
-
@tudbut Daniella Hennig <nixpkgs@mail.tudbut.de>
-
@uninsane Colin Sane <colin@uninsane.org>
-
@anthonyroussel Anthony Roussel <anthony@roussel.dev>
-
@vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
-
@toastal toastal <toastal+nix@posteo.net>