Tenda AX12 Stack Overflow Vulnerability in MAC Filter Configuration

A stack overflow vulnerability has been identified in the Tenda AX12 router running firmware version V22.03.01.46_CN. The issue arises in the 'sub_42F69C' function within the '/goform/setMacFilterCfg' endpoint, where the function copies data from the request body into a stack buffer without proper length validation. This vulnerability can be exploited by sending a crafted request that includes a deviceList field value containing a carriage return character, along with a large amount of additional data, exceeding 160 bytes. Exploiting this vulnerability causes a segmentation fault, disrupting the router's normal operation and potentially leading to a denial-of-service condition.

Impact

Exploiting this vulnerability causes a stack overflow, leading to a segmentation fault and abnormal termination of the program. This disruption can be leveraged to create a denial-of-service condition, causing the router to crash or become unresponsive.

Reproduction

To reproduce this vulnerability, access the '/goform/setMacFilterCfg' interface after authorization. Send a POST request with the 'deviceList' field set to include a carriage return character followed by a large amount of junk data, exceeding 160 bytes. This payload will trigger the stack overflow by overwriting the return address on the stack, causing a segmentation fault and crashing the router.