Tenda AC23
cpe:2.3:h:tenda:ac23:*:*:*:*:*:*:*
- 16.03.07.52
A critical buffer overflow vulnerability has been identified in the Tenda AC23 router, firmware version 16.03.07.52. The flaw is in the saveParentControlInfo function, which handles the /goform/saveParentControlInfo endpoint. A remote attacker can manipulate the 'time' parameter so that stack memory is overwritten. This could cause application crashes, memory corruption, and potentially enable arbitrary code execution on the server.
Exploitation of this vulnerability can cause application crashes, memory corruption, and allow for arbitrary code execution on the server. Such exploitation could lead to unauthorized access and control over the router, interception of network traffic, or use of the router as a launch point for attacks on other devices within the network.
The vulnerability can be reproduced by sending a POST request to the /goform/saveParentControlInfo endpoint with an oversized 'time' parameter. This can be done using a Python script that utilizes the requests library to send the payload. The script should be executed in an environment where the target router is accessible.
It is recommended to replace the unsafe parsing with safer alternatives that include buffer size limits. Additionally, implementing strict input validation to reject or truncate oversized parameters can help mitigate the risk. Running the application with the least privileges necessary and adopting secure coding practices are also advisable.
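One way to apply the size-limited parsing and strict validation recommended above, as an added example that is not the firmware's or the vendor's code. It assumes the 'time' value has the form HH:MM-HH:MM; the names parse_time_range, struct time_range, RANGE_LEN and FIELD_LEN are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed format (not taken from the firmware): "HH:MM-HH:MM". */
#define RANGE_LEN 11   /* strlen("HH:MM-HH:MM") */
#define FIELD_LEN 5    /* strlen("HH:MM") */

struct time_range {
    char start[FIELD_LEN + 1];
    char end[FIELD_LEN + 1];
};

/* The pattern to avoid is any unbounded write into a fixed-size stack
 * buffer, e.g. strcpy(buf, time) or a scanf-family "%s" with no width. */

/* Returns 1 if p points at a valid "HH:MM" (00:00..23:59), else 0.
 * The caller guarantees at least FIELD_LEN readable bytes at p. */
static int valid_hhmm(const char *p)
{
    if (!isdigit((unsigned char)p[0]) || !isdigit((unsigned char)p[1]) ||
        p[2] != ':' ||
        !isdigit((unsigned char)p[3]) || !isdigit((unsigned char)p[4]))
        return 0;
    int hh = (p[0] - '0') * 10 + (p[1] - '0');
    int mm = (p[3] - '0') * 10 + (p[4] - '0');
    return hh <= 23 && mm <= 59;
}

/* Returns 0 on success, -1 when the value is rejected.
 * Nothing is written to *out unless the whole input validated. */
int parse_time_range(const char *time, struct time_range *out)
{
    if (time == NULL || out == NULL)
        return -1;
    /* Length gate first: oversized or short values never reach a copy. */
    if (strlen(time) != RANGE_LEN)
        return -1;
    if (!valid_hhmm(time) || time[FIELD_LEN] != '-' ||
        !valid_hhmm(time + FIELD_LEN + 1))
        return -1;
    /* Copies are bounded by the destination size, not by the input. */
    memcpy(out->start, time, FIELD_LEN);
    out->start[FIELD_LEN] = '\0';
    memcpy(out->end, time + FIELD_LEN + 1, FIELD_LEN);
    out->end[FIELD_LEN] = '\0';
    return 0;
}
```

Rejecting the request outright, rather than truncating, keeps malformed values out of stored configuration and gives a clear event to log.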