Tenda FH451 Stack-Based Buffer Overflow Vulnerability Leading to Remote Code Execution

A critical stack-based buffer overflow vulnerability has been identified in the Tenda FH451 router, specifically in version 1.0.0.9. The issue arises in the 'webExcptypemanFilter' function within the '/goform/webExcptypemanFilter' file. The vulnerability can be exploited remotely by manipulating the 'page' argument, causing a stack overflow that may lead to arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/webExcptypemanFilter' endpoint. The 'page' parameter must be included in the request payload. The value of the 'page' parameter should be crafted to exceed the buffer size, causing a stack overflow. This can be achieved by using a payload that includes cyclic patterns to overwrite the stack, followed by addresses of specific functions or commands to be executed.