Tenda AC8v4 Router Buffer Overflow Vulnerability in SetServerConfig Interface Leading to Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda AC8v4 router running firmware version 16.03.34.06. The issue arises in the SetServerConfig interface, specifically within the formSetServerConfig function. This vulnerability allows remote attackers to send malicious POST requests with excessively long parameters, causing the router's CPU usage to spike to 100%. This overload leads to a complete device freeze or service interruption, requiring a physical restart to recover.

Impact

Exploitation of this vulnerability causes the router to freeze, necessitating a physical restart. This crash disrupts all internal network services, causing connected devices, such as IoT devices, to lose connectivity.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/SetServerConfig interface with an overly long HTTP/1.0 200 OK parameter, exceeding 1MB in size. This can be done using a script that automates the request, such as a Python script using the requests library.

Remediation

Users are advised to block requests to the /goform/SetServerConfig interface at the gateway device or to filter POST request body sizes using a reverse proxy.
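
One way to apply both mitigations with nginx as the reverse proxy in front of the router's web interface. This is an added example, not configuration from the vendor or the original advisory. The router address (192.168.0.1:80), the listen port (8080) and the 64k body limit are assumed values to adapt.

```nginx
# Added example: nginx placed in front of the router's management interface.
# Assumed values (not from the advisory): upstream 192.168.0.1:80,
# listen port 8080, body cap of 64k.
events {}

http {
    # Requests whose body exceeds this size are rejected with 413 and are
    # not forwarded. The reproduction described above uses a parameter
    # larger than 1 MB, so the cap is set well below that.
    client_max_body_size 64k;

    server {
        listen 8080;

        # Refuse the affected endpoint outright. The ^~ prefix match also
        # covers paths that merely start with this string.
        location ^~ /goform/SetServerConfig {
            return 403;
        }

        # All other management traffic is passed through to the router.
        location / {
            proxy_pass http://192.168.0.1:80;
            proxy_set_header Host $host;
        }
    }
}
```

The proxy only protects traffic that actually passes through it, so direct access to the router's management port from untrusted segments has to be closed off separately.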

Added: Sep 28, 2025, 9:17 PM
Updated: Sep 28, 2025, 9:17 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 9.1
remediation: 8.3
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.