Tenda FH451 Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the Tenda FH451 router, specifically in version V1.0.0.9. The issue arises in the 'formSafeEmailFilter' function, where the router fails to properly validate the size of the user input parameter 'page'. This oversight allows for a stack overflow, which can be exploited to execute arbitrary code remotely.

Impact

Exploitation of this vulnerability leads to unauthorized remote code execution on the affected router.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'goform/SafeEmailFilter' endpoint with a crafted payload. The payload should include an 'op' parameter set to 'add' and a 'page' parameter filled with a string of 'a' characters, followed by the address of the 'puts' function and a command to be executed, such as 'Hello, world'. This causes a stack overflow that interrupts the router's normal operation, crashes the device, and executes the injected command.