Tenda W12 and i24 Stack-Based Buffer Overflow Vulnerability in DHCP Configuration

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the Tenda W12 and i24 routers, specifically in the DHCP configuration function of the HTTP daemon. The vulnerability is in the 'cgidhcpsCfgSet' function, where the 'altDns' parameter, among others, is not properly validated, so a value longer than the buffer that receives it is accepted. The issue can be exploited remotely, potentially leading to arbitrary code execution by overwriting the return address register.

Impact

Exploitation of this vulnerability allows for a stack-based buffer overflow, with the potential to execute arbitrary code by manipulating the return address.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/modules' endpoint with a JSON payload that includes the 'dhcpsCfgSet' parameter. The 'altDns' field should be filled with a string that exceeds the buffer limit, effectively overwriting the return address and allowing for code execution.
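
The missing check, as an added example (not the vendor's firmware code and not from the original advisory): a handler-side routine that rejects an 'altDns' value unless it fits the destination buffer and parses as a dotted-quad IPv4 address. The names set_alt_dns and is_ipv4, the 16-byte field size and the IPv4-only format are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNS_FIELD_MAX 16 /* assumed size: "255.255.255.255" plus NUL */

/* Return 1 if s is a dotted-quad IPv4 address, 0 otherwise. */
static int is_ipv4(const char *s)
{
    int octets = 0;
    while (*s) {
        int value = 0, digits = 0;
        while (*s >= '0' && *s <= '9') {
            value = value * 10 + (*s++ - '0');
            if (++digits > 3 || value > 255)
                return 0;
        }
        if (digits == 0)
            return 0;              /* empty octet or non-digit character */
        octets++;
        if (*s == '.') {
            if (octets == 4 || s[1] == '\0')
                return 0;          /* fifth octet or trailing dot */
            s++;
        } else if (*s != '\0') {
            return 0;
        }
    }
    return octets == 4;
}

/* Copy a request-supplied altDns value into a fixed-size buffer.
 * Returns 0 on success, -1 on rejection; dst is left unchanged on rejection. */
int set_alt_dns(char *dst, size_t dst_size, const char *alt_dns)
{
    const char *end;
    if (dst == NULL || dst_size == 0 || alt_dns == NULL)
        return -1;
    end = memchr(alt_dns, '\0', dst_size); /* length check before any copy */
    if (end == NULL || !is_ipv4(alt_dns))
        return -1;
    memcpy(dst, alt_dns, (size_t)(end - alt_dns) + 1);
    return 0;
}

int main(void)
{
    char field[DNS_FIELD_MAX] = "";
    printf("valid: %d\n", set_alt_dns(field, sizeof field, "8.8.4.4"));
    printf("malformed: %d\n", set_alt_dns(field, sizeof field, "8.8.4.4.4.4.4.4.4.4.4"));
    return 0;
}
```

The length test runs before the format test and before the copy, so an oversized value is rejected without being read past the field size.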

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.