Tenda AX-1806 Stack Overflow Vulnerability in MAC Filter Configuration Allowing Denial-of-Service

A stack overflow vulnerability has been identified in the Tenda AX-1806 router, specifically in version 1.0.0.1. The issue arises within the 'formSetMacFilterCfg' function, where the 'deviceList' parameter is processed. The vulnerability allows attackers to craft requests that cause a denial-of-service condition by exploiting the lack of proper length validation when copying device names from the 'deviceList' into a fixed-size stack buffer. This overflow can overwrite critical stack data, including the return address, potentially leading to arbitrary code execution or a stable denial-of-service attack.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and causing a persistent denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/setMacFilterCfg' endpoint. The request must include a 'deviceList' parameter crafted with a device name exceeding 128 bytes, followed by a MAC address. This can be done using a tool like QEMU to emulate the router's firmware or by testing on a real device.