Tenda AX-1806 Stack Overflow Vulnerability Leading to Denial-of-Service

A stack overflow vulnerability has been identified in the Tenda AX-1806 router, specifically in version 1.0.0.1. The issue arises in the sub_4C408 function, where user-controlled input is improperly handled. The 'security' parameter is extracted and copied into a fixed-size stack buffer of 256 bytes using 'strcpy', which lacks proper bounds checking. This flaw allows attackers to send excessively long values, causing a buffer overflow that overwrites adjacent stack memory, disrupts local variables or control data, and ultimately crashes the device, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and causing a persistent denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a crafted POST request to the '/goform/WifiBasicSet' endpoint. The 'security' parameter should be filled with a string of 7000 characters, effectively overflowing the stack buffer. This can be done using a Python script that utilizes the 'requests' library to automate the process.