Tenda AC21 Stack-Based Buffer Overflow Vulnerability in SetIpMacBind Function

A stack-based buffer overflow vulnerability has been identified in the Tenda AC21 router, specifically in the firmware version 16.03.08.16. The vulnerability resides in the '/goform/SetIpMacBind' endpoint, within the '/bin/httpd' binary. Manipulation of the 'list' parameter can lead to a buffer overflow condition, which may be exploited remotely. This vulnerability has been publicly disclosed and is accompanied by a proof-of-concept exploit.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can disrupt normal operation and potentially allow for remote command execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/SetIpMacBind' endpoint. The 'list' parameter must be included in the request and can be crafted to exceed 128 bytes in length, exploiting the lack of boundary checks in the 'strcpy' function. This leads to a stack-based buffer overflow, causing a denial-of-service condition on the device.