Tenda AC18 Stack-Based Buffer Overflow Vulnerability in HTTP Request Handler

A stack-based buffer overflow vulnerability has been identified in the Tenda AC18 router, specifically in version 15.03.05.05. The issue arises in the HTTP request handler, particularly within the '/goform/GetParentControlInfo' endpoint. When the 'mac' parameter is supplied with excessive data, the vulnerability is triggered during the 'strcpy' operation, allowing remote attackers to potentially execute arbitrary code or cause a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or causing a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a malformed HTTP GET request to the '/goform/GetParentControlInfo' endpoint, with the 'mac' parameter containing excessive data. This can be done using a simple Python script that utilizes the 'requests' library to send the payload. The payload should be crafted to overflow the buffer, such as by using 0x110 bytes of 'A' followed by a command or indicator like 'DOIT'.