Tenda CH22 Buffer Overflow Vulnerability in SafeEmailFilter Endpoint

Vulnerability

A critical buffer overflow vulnerability has been identified in the Tenda CH22 router, version 1.0.0.1. The issue arises in the SafeEmailFilter endpoint, specifically within the formSafeEmailFilter function. The vulnerability allows for memory corruption by manipulating the user-controlled page parameter. This flaw can be exploited remotely, without any authentication requirements, leading to potential application crashes, arbitrary code execution, and disruption of normal device operations.

Impact

Exploitation of this vulnerability can cause memory corruption, application crashes, and arbitrary code execution. If code execution is achieved, it could allow an attacker to escalate privileges, implant backdoors, manipulate email filtering settings, or disrupt the device's firmware, rendering it unusable. Even without executing code, the vulnerability could compromise sensitive data and cause significant operational disruptions.

Reproduction

The vulnerability can be reproduced by sending a POST request to the SafeEmailFilter endpoint with an oversized payload in the page parameter. This can be done using a script that automates the request, such as one written in Python using the requests library.
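
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it inspects a captured HTTP request and flags a page parameter sent to the SafeEmailFilter endpoint that is oversized or non-numeric. The 8-character limit, the numeric-only expectation, and the sample requests (including the /SafeEmailFilter path and the 192.0.2.1 host) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

ENDPOINT_MARKER = "SafeEmailFilter"  # endpoint name as given in the advisory
MAX_PAGE_LEN = 8                     # assumption: a legitimate page value is a short number


def inspect_request(raw: bytes) -> list:
    """Return the reasons a raw HTTP request looks like an overflow attempt ([] if none)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return []  # not a parseable request line; leave it to other rules
    method, target, _version = parts
    url = urlsplit(target)
    if ENDPOINT_MARKER.lower() not in url.path.lower():
        return []
    # The parameter may arrive in the query string or the form body; check both.
    params = parse_qs(url.query, keep_blank_values=True)
    if method.upper() == "POST":
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        for key, values in form.items():
            params.setdefault(key, []).extend(values)
    reasons = []
    for value in params.get("page", []):
        if len(value) > MAX_PAGE_LEN:
            reasons.append(f"page parameter is {len(value)} characters (limit {MAX_PAGE_LEN})")
        elif not value.isdigit():
            reasons.append(f"page parameter is not numeric: {value!r}")
    return reasons


# Constructed sample requests (not captured traffic).
HEADERS = (b"Host: 192.0.2.1\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
BENIGN = b"POST /SafeEmailFilter HTTP/1.1\r\n" + HEADERS + b"page=1"
OVERSIZED = b"POST /SafeEmailFilter HTTP/1.1\r\n" + HEADERS + b"page=" + b"A" * 600

if __name__ == "__main__":
    for name, request in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, inspect_request(request) or "ok")
```

The same length and type check can be expressed as a rule on a reverse proxy or IDS placed in front of the device's management interface.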

Added: Oct 8, 2025, 2:20 AM
Updated: Oct 8, 2025, 2:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.0
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.