Tenda AC20 Buffer Overflow Vulnerability in Wi-Fi Settings Function

A buffer overflow vulnerability has been identified in the Tenda AC20 router, affecting firmware versions through 16.03.08.12. The issue arises in the '/goform/fast_setting_wifi_set' endpoint, where the 'timeZone' parameter is manipulated, leading to a stack overflow. This vulnerability can be exploited remotely, potentially causing a denial-of-service condition or allowing for remote code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, leading to a stack overflow situation. This can disrupt normal device operation (causing a denial-of-service condition) or be leveraged to execute arbitrary code on the device remotely.

Reproduction

To reproduce this vulnerability, send a crafted HTTP POST request to the '/goform/fast_setting_wifi_set' endpoint. The request must include a 'timeZone' parameter with a value that exceeds the expected buffer size, effectively causing a buffer overflow. This can be done using a variety of tools that allow for HTTP request manipulation, such as Postman or curl.