Tenda W12 and i24 Stack-Based Buffer Overflow Vulnerability in Reboot Scheduling Function
Vulnerability
A stack-based buffer overflow has been identified in the Tenda W12 and i24 routers, specifically in firmware versions 3.0.0.4(2887) and 3.0.0.5(3644). The flaw lies in the 'cgiSysScheduleRebootSet' function of the '/bin/httpd' binary, which copies the attacker-controlled 'rebootDate' parameter into a fixed-size stack buffer without checking its length. A sufficiently long value overruns the buffer and overwrites the saved return address (the stack slot that is restored into the return address register when the function returns). The handler is reachable over the network through the web interface, so the bug can be exploited remotely and can lead to arbitrary code execution in the context of the httpd process.
Impact
A crafted 'rebootDate' value overwrites the saved return address on the stack, giving an attacker control of execution within the httpd process and therefore the potential for arbitrary code execution on the device. Even a payload that does not achieve controlled execution corrupts the stack and will typically crash httpd, so the minimum impact is a denial of service of the router's web management interface.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/goform/modules' endpoint. The request body is a JSON document that selects the 'sysScheduleRebootSet' action and supplies a 'rebootDate' parameter. Setting 'rebootDate' to a value longer than the fixed-size stack buffer in 'cgiSysScheduleRebootSet' overflows the buffer and overwrites the saved return address; with an unstructured oversized value the observable effect is a crash of /bin/httpd, which is the simplest way to confirm the bug before attempting controlled code execution.
