Tenda AC20 Buffer Overflow Vulnerability in the OpenSchedWifi Function
Vulnerability
A buffer overflow vulnerability has been identified in the Tenda AC20 router running firmware version 16.03.08.12. The issue arises in the httpd function of the /goform/openSchedWifi file, where the schedStartTime and schedEndTime parameters can be manipulated to cause a buffer overflow. The vulnerability can be exploited remotely and may lead to a denial-of-service condition or potentially allow remote command execution.
Impact
Exploitation of this vulnerability causes a denial-of-service condition and could potentially allow for remote command execution.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /goform/openSchedWifi endpoint. The request must include the schedStartTime and schedEndTime parameters, with the schedStartTime parameter containing a payload that exceeds the buffer size, leading to a buffer overflow. This can be done with any HTTP client that allows these parameters to be manipulated, such as a custom script or a tool like Burp Suite.
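The defect class described above is a request parameter copied into a fixed-size buffer without a length check. The following added example (not Tenda's code and not part of the original advisory) shows the handler-side validation that prevents it, assuming the schedule times use an "HH:MM" format; the sched_cfg struct and the function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SCHED_TIME_LEN 5   /* assumption: values look like "HH:MM" */

struct sched_cfg {         /* hypothetical config record, not firmware code */
    char start[SCHED_TIME_LEN + 1];
    char end[SCHED_TIME_LEN + 1];
};

/* Return 0 only for exactly "HH:MM" with HH <= 23 and MM <= 59. */
static int valid_sched_time(const char *s)
{
    size_t n = 0;
    if (s == NULL)
        return -1;
    while (n <= SCHED_TIME_LEN && s[n] != '\0')   /* bounded length scan */
        n++;
    if (n != SCHED_TIME_LEN)
        return -1;                                /* too short or too long */
    if (!isdigit((unsigned char)s[0]) || !isdigit((unsigned char)s[1]) ||
        s[2] != ':' ||
        !isdigit((unsigned char)s[3]) || !isdigit((unsigned char)s[4]))
        return -1;
    int hh = (s[0] - '0') * 10 + (s[1] - '0');
    int mm = (s[3] - '0') * 10 + (s[4] - '0');
    return (hh <= 23 && mm <= 59) ? 0 : -1;
}

/* Validate both parameters first, then copy; cfg is unchanged on failure. */
int set_sched_wifi(struct sched_cfg *cfg, const char *start, const char *end)
{
    if (cfg == NULL || valid_sched_time(start) != 0 || valid_sched_time(end) != 0)
        return -1;
    memcpy(cfg->start, start, SCHED_TIME_LEN + 1);   /* length already proven */
    memcpy(cfg->end, end, SCHED_TIME_LEN + 1);
    return 0;
}

int main(void)
{
    struct sched_cfg cfg = {0};
    char oversized[300];                             /* constructed sample input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("valid:     %d\n", set_sched_wifi(&cfg, "08:00", "22:30"));
    printf("oversized: %d\n", set_sched_wifi(&cfg, oversized, "22:30"));
    return 0;
}
```

Rejecting the request before any copy means an oversized schedStartTime or schedEndTime value never reaches the fixed-size buffer, and the stored configuration is left as it was.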
