Tenda AX1803 Stack Overflow Vulnerability Leading to Denial-of-Service

A stack overflow vulnerability has been identified in the Tenda AX1803 router, specifically in version 1.0.0.1. The issue arises in the 'security_5g' parameter of the 'sub_727F4' function, where user-controlled input is not properly validated before being copied into a fixed-size stack buffer. This flaw allows attackers to overflow the buffer, corrupt adjacent stack memory, and cause a process crash, leading to a denial-of-service condition. In some environments, this overflow could potentially be exploited further.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and causing a persistent denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a crafted POST request to the '/goform/WifiBasicSet' endpoint. The 'security_5g' parameter should be filled with an excessively long string, such as 7000 characters, which will overflow the stack buffer. This can be done using a script that automates the request, such as one written in Python using the 'requests' library.