Tenda AX-1806
cpe:2.3:h:tenda:ax1806:*:*:*:*:*:*:*
- v1.0.0.1
A stack overflow vulnerability has been identified in the Tenda AX-1806 router, specifically in version 1.0.0.1. The issue arises in the 'sub_65A28' function, where the 'serverName' parameter is processed. The function copies the 'serverName' value with 'strcpy' and performs no bounds check, so a value longer than the fixed-size stack buffer overflows it, corrupting adjacent memory and crashing the device. Attackers can trigger this with a crafted request to cause a denial-of-service.
Exploitation of this vulnerability causes the router to crash, disrupting its normal service and availability.
The vulnerability can be reproduced by sending a POST request to the '/goform/AdvSetMacMtuWan' endpoint with a 'serverName' parameter containing an excessively long string, such as 7000 characters. This can be done using a script that automates the request, such as one written in Python using the 'requests' library.
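The copy pattern described above next to a bounded alternative, as an added example that is not Tenda's firmware code and not part of the original advisory. The 64-byte buffer size, the function names and the sample values are assumptions; the advisory does not give the real buffer length.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the advisory does not state the real buffer length. */
#define SERVER_NAME_MAX 64

/* Pattern the advisory describes: strcpy() into a fixed-size stack buffer
 * with no length check. Hypothetical name; shown for contrast, never called. */
void store_server_name_unchecked(const char *server_name)
{
    char buf[SERVER_NAME_MAX];
    strcpy(buf, server_name);      /* writes past buf for longer input */
    (void)buf;
}

/* Bounded form (hypothetical name): copy only if the value and its
 * terminator fit in dst. Returns 0 on success, -1 on rejection. */
int store_server_name_checked(char *dst, size_t dst_size, const char *server_name)
{
    const char *end;

    if (dst == NULL || dst_size == 0 || server_name == NULL)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    end = memchr(server_name, '\0', dst_size);
    if (end == NULL)
        return -1;                 /* too long: reject, do not truncate */
    memcpy(dst, server_name, (size_t)(end - server_name) + 1);
    return 0;
}

int main(void)
{
    char buf[SERVER_NAME_MAX];
    char oversized[7001];          /* constructed input, 7000 characters */

    memset(oversized, 'A', 7000);
    oversized[7000] = '\0';
    printf("short value: %d\n",
           store_server_name_checked(buf, sizeof buf, "isp-gateway"));
    printf("7000 chars:  %d\n",
           store_server_name_checked(buf, sizeof buf, oversized));
    return 0;
}
```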