Tenda AC6
cpe:2.3:h:tenda:ac6:*:*:*:*:*:*:*
- V02.03.01.110
A stack-based buffer overflow vulnerability has been identified in the Cloud API functionality of the Tenda AC6 router, specifically in version 5.0 V02.03.01.110. The vulnerability allows arbitrary code execution and is triggered by a specially crafted HTTP response. The issue arises when the router sends HTTP requests to the Tenda cloud API and that traffic is intercepted, so that a malicious response reaches the router and overflows the buffer.
Exploitation causes a memory corruption error on the stack that can be leveraged for arbitrary code execution on the device.
The vulnerability can be reproduced by intercepting the HTTP traffic from a device connected to the Tenda AC6 router. This can be done through DNS poisoning to redirect the device's cloud API requests to a malicious server. Once the router receives the crafted HTTP response, the vulnerability is triggered, causing the stack-based buffer overflow.
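The bug class described above, as an added example that is not the Tenda firmware's code: an HTTP client copying a value from an untrusted response into a fixed stack buffer, unchecked and then with a length check. The page does not say which response field overflows, so the header name `X-Example-Token`, the 64-byte buffer and all function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 64   /* assumed size of the fixed stack buffer */

/* Unsafe pattern, shown for contrast only: the amount copied is decided
 * by the response, so a long value writes past the end of out[]. */
void copy_field_unsafe(const char *resp, const char *name, char *out)
{
    const char *p = strstr(resp, name);
    if (p != NULL)
        strcpy(out, p + strlen(name));      /* no bound on untrusted data */
}

/* Hardened form: measure the value up to CRLF and refuse anything that
 * does not fit (with its terminator). Returns 0 on success, -1 on reject. */
int copy_field_checked(const char *resp, const char *name,
                       char *out, size_t out_len)
{
    const char *p = strstr(resp, name);
    if (p == NULL || out_len == 0)
        return -1;
    p += strlen(name);
    size_t n = strcspn(p, "\r\n");          /* value length in the response */
    if (n >= out_len)
        return -1;                          /* oversized: drop the response */
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

/* Builds a constructed sample response and runs the checked parser on it. */
int demo(int oversized)
{
    char resp[512] = "HTTP/1.1 200 OK\r\nX-Example-Token: ";
    char field[FIELD_MAX];
    size_t len = strlen(resp);
    size_t fill = oversized ? 200 : 16;     /* 200 bytes exceeds FIELD_MAX */
    memset(resp + len, 'A', fill);
    strcpy(resp + len + fill, "\r\n\r\n");
    return copy_field_checked(resp, "X-Example-Token: ", field, sizeof field);
}

int main(void)
{
    return (demo(0) == 0 && demo(1) == -1) ? 0 : 1;
}
```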