Tenda AX-1806 Stack Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A stack overflow vulnerability has been identified in the Tenda AX-1806 router, version 1.0.0.1. The issue arises in the 'sub_4CA50' function, which improperly handles the user-controlled 'security_5g' parameter. Attackers can craft requests that overflow a fixed-size stack buffer, corrupting memory, overwriting local variables or control data, and crashing the device, which disrupts service availability.

Impact

Exploitation of this vulnerability crashes the router, disrupting its normal service and resulting in a persistent denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/WifiBasicSet' endpoint with the 'security_5g' parameter set to an excessively long value, such as 7000 characters. This can be done using a script that automates the request, such as one written in Python using the 'requests' library. The router can be tested in a virtualized environment using QEMU or on a physical device.
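
A detection-side check for the request pattern described above, added here as an example and not taken from the advisory or from Tenda's code: it inspects a raw HTTP request, as an inline proxy or log pipeline in front of the management interface would see it, and flags an oversized 'security_5g' value sent to '/goform/WifiBasicSet'. The 128-byte limit, the function names, the host name and the sample values are assumptions made for illustration.

```python
from urllib.parse import parse_qsl

# Endpoint and parameter name come from the advisory.
ENDPOINT = "/goform/WifiBasicSet"
PARAM = "security_5g"
# Assumption: no legitimate value for this field approaches 128 bytes.
MAX_VALUE_LEN = 128


def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP/1.1 request (headers plus body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n")[0].decode("latin-1")
    try:
        method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return ["malformed request line"]
    path, _, query = target.partition("?")
    if method.upper() != "POST" or path != ENDPOINT:
        return []
    # Check the query string as well as the form body; latin-1 decoding
    # never raises on arbitrary bytes.
    pairs = parse_qsl(query, keep_blank_values=True)
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return [
        f"{PARAM} length {len(value)} exceeds {MAX_VALUE_LEN}"
        for name, value in pairs
        if name == PARAM and len(value) > MAX_VALUE_LEN
    ]


def build_request(body: str, path: str = ENDPOINT) -> bytes:
    """Construct a sample request for the checks below (never sent anywhere)."""
    head = (
        f"POST {path} HTTP/1.1\r\nHost: router.example\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    )
    return (head + body).encode("latin-1")


# Constructed samples: a short value and the 7000-character case from the text.
SAMPLE_OK = build_request("security=none&security_5g=wpapsk")
SAMPLE_LONG = build_request("security_5g=" + "A" * 7000)

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("long", SAMPLE_LONG)):
        print(label, inspect_request(sample))
```

The same length limit can be enforced by rejecting the request at the proxy instead of only reporting it.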

Added: Jan 13, 2026, 5:17 PM
Updated: Jan 13, 2026, 5:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.