Tenda AC21 Buffer Overflow Vulnerability in WifiExtraSet Function

A buffer overflow vulnerability has been identified in the Tenda AC21 router, specifically in the firmware version 16.03.08.16. The issue arises in the function sub_45BB10 within the file /goform/WifiExtraSet. The vulnerability is triggered by manipulating the wpapsk_crypto argument, leading to a stack overflow. This flaw can be exploited remotely, and the public exploit is available.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition on the device.

Reproduction

To reproduce this vulnerability, send a crafted HTTP POST request to the /goform/WifiExtraSet endpoint. Include the wpapsk_crypto parameter with a value that exceeds the buffer limit, such as 100 bytes of 'a'. The request should also include other required parameters like wifi_chkHz, wl_mode, wl_enbale, ssid, wpapsk_key, security, and mac.