Tenda AX3 Stack Overflow Vulnerability in Parent Control Function Leading to Denial-of-Service

A stack overflow vulnerability has been identified in the Tenda AX3 router, specifically in version V16.03.12.10_CN. The issue arises in the saveParentControlInfo function, where the deviceId parameter is not properly validated before being copied to a buffer. This flaw allows attackers to send crafted requests that overflow the stack, causing a denial-of-service condition by crashing the router and disrupting its normal service operations.

Impact

Exploitation of this vulnerability causes the router to crash, leading to a persistent denial-of-service condition where the device fails to provide normal services.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/saveParentControlInfo endpoint with an excessively long deviceId parameter, approximately 700 characters of 'A's, and a valid time parameter. This can be done using a script that automates the request, such as one written in Python using the requests library.