Tenda WH450 Stack-Based Buffer Overflow Vulnerability in SafeEmailFilter Endpoint
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda WH450 router, specifically in the firmware version 1.0.0.18. The issue arises in the '/goform/SafeEmailFilter' HTTP request handler, where excessive data lengths in the 'page' parameter can be manipulated, leading to arbitrary code execution or denial-of-service conditions. This vulnerability can be exploited remotely by unauthenticated attackers, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for arbitrary code execution or the creation of denial-of-service conditions on the affected device.
Reproduction
The vulnerability can be reproduced by sending a GET request to the '/goform/SafeEmailFilter' endpoint with an overly long 'page' parameter. The request must also include 'entry' and 'op' parameters, which are required but not related to the vulnerability itself. The provided proof-of-concept exploit automates this process by using a Python script that includes the necessary parameters and payload.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.