Tenda WH450 Stack-Based Buffer Overflow Vulnerability in PPTP User Settings
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda WH450 router, firmware version 1.0.0.18. The flaw is in the '/goform/PPTPUserSetting' HTTP request handler: an overly long value in the 'delno' parameter overflows a buffer on the stack, which can lead to arbitrary code execution or a denial-of-service condition. The vulnerability can be exploited remotely by unauthenticated attackers.
Impact
Exploitation of this vulnerability allows for arbitrary code execution or the creation of denial-of-service conditions on the affected device.
Reproduction
The vulnerability can be reproduced by sending a GET request to the '/goform/PPTPUserSetting' endpoint with the 'delno' parameter. The parameter must be filled with 500 'A' characters followed by a semicolon and then 100 'B' characters. This payload triggers the buffer overflow by exceeding the expected data length, causing the router to overwrite memory on the stack.
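Detection example (added here, not part of the original advisory or any vendor tooling): a log check that flags requests to '/goform/PPTPUserSetting' whose decoded 'delno' value is unusually long. It assumes a proxy or gateway in front of the router's web interface writes access logs in common log format; the 64-byte threshold, the helper names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_to_bytes

TARGET_PATH = "/goform/PPTPUserSetting"
MAX_DELNO_LEN = 64  # assumption: legitimate delno values are short; tune locally

# Common/combined log format: client, [timestamp], "METHOD target PROTO"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)'
)

def oversized_delno(log_lines, max_len=MAX_DELNO_LEN):
    """Return (client, timestamp, decoded_length) for each 'delno' value sent
    to TARGET_PATH whose percent-decoded length exceeds max_len bytes."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log request line
        url = urlsplit(m["target"])
        if unquote(url.path) != TARGET_PATH:
            continue
        # Split on '&' only: ';' must stay inside the value, otherwise a long
        # value containing a semicolon is measured as two shorter pieces.
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            if unquote(key) != "delno":
                continue
            size = len(unquote_to_bytes(raw.replace("+", " ")))
            if size > max_len:
                findings.append((m["client"], m["ts"], size))
    return findings

def _line(client, ts, target):
    # Builds one constructed access-log line (hypothetical helper).
    return f'{client} - - [{ts}] "GET {target} HTTP/1.1" 200 0'

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    _line("192.0.2.10", "01/Jan/2025:10:00:00 +0000", TARGET_PATH + "?delno=1"),
    _line("198.51.100.7", "01/Jan/2025:10:02:11 +0000",
          TARGET_PATH + "?delno=" + "A" * 500 + ";" + "B" * 100),
    _line("203.0.113.5", "01/Jan/2025:10:03:40 +0000",
          TARGET_PATH + "?page=1&delno=" + "%41" * 80),
    _line("192.0.2.44", "01/Jan/2025:10:05:02 +0000", "/index.html?delno=" + "A" * 300),
]

if __name__ == "__main__":
    for finding in oversized_delno(SAMPLE_LOG):
        print(finding)
```

The length is measured after percent-decoding, so an encoded value is judged by the number of bytes the handler would receive rather than by its size in the log.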
