Tenda AC6 V2.0 Stack-Based Buffer Overflow Vulnerability in fast_setting_wifi_set Endpoint Allowing Denial-of-Service

A stack-based buffer overflow vulnerability has been identified in the Tenda AC6 V2.0 router, specifically in the firmware version 15.03.06.50. The issue arises in the fast_setting_wifi_set function within the HTTP request handler for the /goform/fast_setting_wifi_set endpoint. This vulnerability allows remote, unauthenticated attackers to cause a denial-of-service condition by sending crafted requests that exploit the overflow.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the device to become unresponsive or unavailable.

Reproduction

The vulnerability can be reproduced by sending an HTTP GET request to the /goform/fast_setting_wifi_set endpoint with the ssid parameter containing an excessively long string. This can be done using a Python script that leverages the requests library to send the payload. The payload should consist of 64 bytes of 'A' characters followed by the string 'DOIT', which triggers the buffer overflow.