Tenda A15 Buffer Overflow Vulnerability in HTTP POST Request Handler

Vulnerability

A critical buffer overflow vulnerability has been identified in the Tenda A15 router, firmware versions 15.13.07.09 and 15.13.07.13. The vulnerability resides in the HTTP POST request handler for the '/goform/multimodalAdd' endpoint. It can be exploited remotely: an attacker can manipulate input to overflow a buffer, potentially leading to arbitrary code execution or a device crash.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the device crashes and becomes unresponsive.

Reproduction

The vulnerability can be reproduced by sending an HTTP POST request to the '/goform/multimodalAdd' endpoint. The request must include a 'Content-Length' header that specifies a length greater than what the buffer can handle. This can be done using a script that automates the process, such as one written in Python using the 'requests' library.
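
A defender-side check for the request shape described above, as an added example that is not part of the original advisory: it parses captured raw requests and flags POSTs to '/goform/multimodalAdd' whose 'Content-Length' is over a limit, malformed, or inconsistent with the captured body. The 1024-byte limit, the function name and the sample requests are assumptions constructed for illustration; the advisory does not state the buffer size.

```python
ENDPOINT = "/goform/multimodalAdd"  # endpoint named in the advisory
MAX_BODY = 1024  # assumption: local policy limit, NOT the device's real buffer size

def inspect_request(raw: bytes, max_body: int = MAX_BODY) -> list[str]:
    """Return findings for one raw HTTP request; an empty list means nothing flagged."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return ["malformed request line"]
    # Only POSTs to the affected endpoint are in scope (query string ignored).
    if method.upper() != "POST" or target.split("?", 1)[0] != ENDPOINT:
        return []
    headers = (line.partition(":") for line in lines[1:])
    lengths = [v.strip() for k, _, v in headers
               if k.strip().lower() == "content-length"]
    if not lengths:
        return ["POST without Content-Length"]
    findings = []
    if len(set(lengths)) > 1:
        findings.append("conflicting Content-Length headers")
    value = lengths[0]
    if not (value.isascii() and value.isdigit()):
        findings.append(f"non-numeric Content-Length: {value!r}")
        return findings
    declared = int(value)
    if declared > max_body:
        findings.append(f"declared length {declared} exceeds limit {max_body}")
    if declared != len(body):
        findings.append(f"declared length {declared} != captured body {len(body)}")
    return findings

# Constructed sample captures (192.0.2.1 is a documentation address).
SAMPLES = {
    "normal": b"POST /goform/multimodalAdd HTTP/1.1\r\nHost: 192.0.2.1\r\n"
              b"Content-Length: 7\r\n\r\nname=tv",
    "oversized": b"POST /goform/multimodalAdd HTTP/1.1\r\nHost: 192.0.2.1\r\n"
                 b"Content-Length: 100000\r\n\r\nname=tv",
    "other": b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw) or "ok")
```

The same conditions can be enforced at a reverse proxy or filtering device in front of the router's management interface, so that flagged requests never reach the device.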

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.