Tenda AX3 Stack Overflow Vulnerability in wlSetExternParameter Function Allowing Denial-of-Service

Vulnerability

A stack overflow vulnerability has been identified in the Tenda AX3 router, specifically in version V16.03.12.10_CN. The issue arises in the wlSetExternParameter function, where the wpapsk_crypto parameter is passed to the strcpy function without proper length validation. The buffer for the wpapsk_crypto parameter can only hold 16 bytes, so an attacker can craft a request with a longer value that overflows it. Exploiting this vulnerability leads to a denial-of-service condition: the router crashes and fails to provide normal services.
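The unchecked copy described above, next to a length-validated version, as an added example in C. This is not Tenda's firmware code; the function names, the `applied` output buffer and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CRYPTO_BUF_LEN 16   /* buffer size stated in the advisory */

/* Pattern the advisory describes, reconstructed for illustration only:
 * a request value of arbitrary length is copied with strcpy. */
size_t store_crypto_unchecked(const char *value)
{
    char crypto[CRYPTO_BUF_LEN];
    strcpy(crypto, value);          /* writes past crypto[] when strlen(value) >= 16 */
    return strlen(crypto);
}

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 on a missing or oversized value. */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;

    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;
    while (n < dst_len && src[n] != '\0')   /* never reads more than dst_len bytes */
        n++;
    if (n == dst_len)
        return -1;                  /* too long: reject instead of truncating */
    memcpy(dst, src, n + 1);        /* n + 1 <= dst_len, includes the NUL */
    return 0;
}

/* Hardened counterpart (hypothetical name): validate first, then use the value. */
int store_crypto_checked(const char *value, char *applied, size_t applied_len)
{
    char crypto[CRYPTO_BUF_LEN];

    if (copy_bounded(crypto, sizeof crypto, value) != 0)
        return -1;                  /* the handler should answer with an error */
    return copy_bounded(applied, applied_len, crypto);
}

int main(void)
{
    char out[CRYPTO_BUF_LEN];
    char oversized[64];             /* constructed input, longer than the buffer */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("short value: %d\n", store_crypto_checked("aes", out, sizeof out));
    printf("oversized:   %d\n", store_crypto_checked(oversized, out, sizeof out));
    return 0;
}
```

Rejecting an oversized value, rather than truncating it, keeps the stored setting from silently differing from what the client sent.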

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal operation and service availability.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/WifiExtraSet' endpoint with a crafted wpapsk_crypto parameter that is significantly larger than the buffer size limit. This can be done using a script that automates the request process, such as one written in Python using the requests library.

Added: Nov 10, 2025, 4:19 PM
Updated: Nov 10, 2025, 4:19 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.