Tenda AC6 V2.0 Stack-Based Buffer Overflow Vulnerability in DhcpListClient Function Allowing Denial-of-Service

A stack-based buffer overflow vulnerability has been identified in the Tenda AC6 V2.0 router, specifically in the firmware version 15.03.06.50. The issue arises in the DhcpListClient function within the HTTP request handler for the '/goform/DhcpListClient' endpoint. Attackers can exploit this vulnerability by sending crafted HTTP requests that include excessive data in the 'page' parameter, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by causing the device to become unresponsive or unavailable.

Reproduction

The vulnerability can be reproduced by sending an HTTP GET request to the '/goform/DhcpListClient' endpoint with a 'page' parameter that contains a large amount of data. This can be done using a simple Python script that leverages the 'requests' library to send the payload. The payload should consist of 256 bytes of 'A' characters followed by the string 'DOIT'.