Tenda W18E V2.0 Router Arbitrary Code Execution Vulnerability

A vulnerability allowing arbitrary code execution has been identified in the Tenda W18E V2.0 router, specifically in firmware version V16.01.0.11. The issue arises from improper access control in the account module's editing functionality, accessible via the /goform/setModules route. This flaw enables an unauthenticated remote attacker to send a crafted HTTP POST request to change the administrator password. Exploitation of this vulnerability can be achieved through the router's telnet function, which provides root access.

Impact

Exploitation of this vulnerability leads to unauthorized arbitrary code execution on the affected router.

Reproduction

To reproduce this vulnerability, send a POST request to the /goform/setModules route without authentication. Include a JSON payload in the request body that specifies the account module, the action as 'edit', and the new password value. The request can be made using a web browser or a tool like curl, ensuring that the necessary headers and cookie values are included to mimic a legitimate session.