Tenda AC6 Buffer Overflow Vulnerability in MAC Filter Configuration

A buffer overflow vulnerability has been identified in the Tenda AC6 router, specifically in the firmware version V15.03.06.23_multi. The issue arises in the function 'formSetMacFilterCfg', where user-supplied parameters 'macFilterType' and 'deviceList' are processed without proper input validation. This oversight allows for a buffer overflow, as the unchecked data can be manipulated to exceed allocated memory boundaries.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing the device to crash.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/setMacFilterCfg' endpoint. The request must include the 'macFilterType' parameter, set to 'black', and the 'deviceList' parameter, populated with a crafted string designed to overflow the buffer. This can be done using a script that automates the process, such as one written in Python that uses the 'requests' library to send the payload.