Tenda AC15 Buffer Overflow Vulnerability in WifiExtraSet Function

A critical buffer overflow vulnerability has been identified in the Tenda AC15 router, affecting versions through 15.03.05.19. The issue arises in the function 'fromSetWirelessRepeat' within the file '/goform/WifiExtraSet'. The vulnerability allows for remote exploitation by manipulating the 'mac' argument, leading to potential overwriting of memory and causing a denial-of-service condition or crashing the device.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to memory corruption. In this case, it allows for overwriting critical data, such as the 'tkip_aes' variable, potentially causing a denial-of-service condition by crashing the router or disrupting its normal operations.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the '/goform/WifiExtraSet' endpoint, specifically targeting the 'fromSetWirelessRepeat' function. The 'mac' argument must be manipulated to exceed the buffer size, causing a buffer overflow. This can be done using a variety of tools or scripts that automate the process of sending such requests.