Tenda AX-1806
cpe:2.3:h:tenda:ax1806:*:*:*:*:*:*:*
- v1.0.0.1
A stack-based buffer overflow has been identified in the Tenda AX-1806 router, version 1.0.0.1. The flaw is in the handling of the 'wanSpeed' parameter in the 'sub_65B5C' function, where user-controlled input is copied into a fixed-size stack buffer without bounds checking. An attacker can send an excessively long value that overflows the buffer, corrupts adjacent stack memory, crashes the device, and disrupts normal service operations.
Exploitation of this vulnerability causes the router to crash, disrupting its normal functioning and service availability.
The vulnerability can be reproduced by sending a POST request to the '/goform/AdvSetMacMtuWan' endpoint with a crafted 'wanSpeed' parameter. The value should be sufficiently long to overflow the stack buffer. This can be done using a script that automates the request, such as one written in Python using the 'requests' library.
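The bounds check whose absence is described above, written as an added example (not Tenda firmware code and not taken from this advisory). The 16-byte buffer size, the digits-only rule, and the names copy_wan_speed and handle_adv_set_mac_mtu_wan are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed for illustration: the advisory does not give the real buffer size. */
#define WAN_SPEED_MAX 16

enum ws_status { WS_OK = 0, WS_MISSING = -1, WS_TOO_LONG = -2, WS_BAD_CHAR = -3 };

/*
 * Copy a request-supplied wanSpeed value into a fixed-size buffer only after
 * checking its length and character set. `value` is the raw form field
 * (NULL if absent); `out` must hold at least `out_len` bytes.
 */
enum ws_status copy_wan_speed(const char *value, char *out, size_t out_len)
{
    size_t i;

    if (out == NULL || out_len == 0)
        return WS_TOO_LONG;
    out[0] = '\0';                       /* caller never sees stale data */
    if (value == NULL || value[0] == '\0')
        return WS_MISSING;

    /* Bounded scan: stop as soon as the value cannot fit with its NUL. */
    for (i = 0; value[i] != '\0'; i++) {
        if (i + 1 >= out_len)
            return WS_TOO_LONG;
        if (value[i] < '0' || value[i] > '9')
            return WS_BAD_CHAR;          /* assumption: numeric setting */
    }
    memcpy(out, value, i);               /* i < out_len is guaranteed here */
    out[i] = '\0';
    return WS_OK;
}

/* Hypothetical handler showing the call site for the form field. */
int handle_adv_set_mac_mtu_wan(const char *wan_speed_field)
{
    char wan_speed[WAN_SPEED_MAX];       /* fixed-size stack buffer */

    if (copy_wan_speed(wan_speed_field, wan_speed, sizeof wan_speed) != WS_OK)
        return -1;                       /* reject the request, nothing copied */
    /* ... apply the validated setting ... */
    return 0;
}
```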