Tenda W6-S Stack-Based Buffer Overflow Vulnerability in R7websSecurityHandler

A stack-based buffer overflow vulnerability has been identified in the Tenda W6-S router, specifically in the R7websSecurityHandler component of the HTTP server. This vulnerability arises from improper handling of the Cookie header, allowing remote attackers to overflow the stack, potentially hijacking execution flow or causing a denial-of-service condition. The issue exists in version 1.0.0.4(510) and can be exploited without authentication.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing memory corruption. Such conditions typically allow attackers to execute arbitrary code or disrupt normal device operation, potentially causing a denial-of-service.

Reproduction

To reproduce this vulnerability, send a request to the router's HTTP server with a crafted Cookie header that includes a payload designed to overflow the buffer. This can be done using tools like curl or through a web application that allows for custom Cookie manipulation.