Tenda AC15 Stack-Based Buffer Overflow Vulnerability in PPPoE Settings

A stack-based buffer overflow vulnerability has been identified in the Tenda AC15 router, specifically in the firmware version 15.03.05.18. The issue arises in the file '/goform/fast_setting_pppoe_set', where the 'password' parameter is not properly validated before being stored. This lack of input sanitization allows for an attacker to manipulate the 'password' value, leading to a buffer overflow when the stored value is retrieved and used. The vulnerability can be exploited remotely, potentially causing crashes or allowing for arbitrary code execution.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can cause the device to crash or be manipulated to execute arbitrary code.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/fast_setting_pppoe_set' with a crafted 'password' parameter that exceeds the buffer's capacity. After the parameter is accepted and stored, the vulnerability can be triggered by sending a GET request to '/goform/fast_setting_get', which retrieves the stored password and causes the buffer overflow.