Tenda AX1803 Stack Overflow Vulnerability in sub_72290 Function Leading to Denial-of-Service

A stack overflow vulnerability has been identified in the Tenda AX1803 router, specifically in version 1.0.0.1. The issue arises in the sub_72290 function, where user-controlled input is improperly handled. The 'security' parameter can be exploited by sending an excessively long value, which overflows a fixed-size stack buffer of 256 bytes. This overflow corrupts adjacent stack memory, potentially overwriting local variables or control data. The vulnerability causes the device to crash, leading to a persistent denial-of-service condition.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and causing a persistent denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a crafted POST request to the '/goform/WifiBasicSet' endpoint. The 'security' parameter should be filled with a string of 7000 'A' characters. This can be done using a Python script that utilizes the 'requests' library to send the request. Once the router receives the request, it crashes and fails to provide services correctly.