Tenda AX-1806 Stack Overflow Vulnerability Leading to Denial-of-Service

A stack overflow vulnerability has been identified in the Tenda AX-1806 router, specifically in version 1.0.0.1. The issue arises in the 'sub_65A28' function, where the 'serviceName' parameter is processed. The vulnerability allows attackers to cause a denial-of-service condition by sending a crafted request that exploits the lack of bounds checking in the 'strcpy' function. This oversight enables the 'serviceName' parameter to be overwritten with excessively long input, leading to a buffer overflow that corrupts adjacent stack memory, causing the device to crash and disrupt normal services.

Impact

Exploitation of this vulnerability causes the router to crash, leading to a persistent denial-of-service condition where the device fails to provide services correctly.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/AdvSetMacMtuWan' endpoint with a 'serviceName' parameter containing a payload of approximately 7000 characters. This can be done using a script that automates the request, such as one written in Python using the 'requests' library.