Tenda AC6 V2.0 Stack-Based Buffer Overflow Vulnerability in addressNat Function Allowing Denial-of-Service

A stack-based buffer overflow vulnerability has been identified in the Tenda AC6 V2.0 router, specifically in the firmware version 15.03.06.50. The issue arises in the addressNat function within the HTTP request handler, where the page parameter can be exploited by sending crafted input. This vulnerability allows for denial-of-service conditions by causing the device to become unresponsive.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the router to become unresponsive.

Reproduction

The vulnerability can be reproduced by sending an HTTP GET request to the '/goform/addressNat' endpoint with the 'page' parameter containing excessive data. This can be done using a simple Python script that utilizes the 'requests' library to send the payload. The payload should be crafted to include 256 bytes of 'A' characters followed by the 'DOIT' string, which triggers the overflow.