Tenda AX-3 Stack Overflow Vulnerability in WAN MTU Parameter Leading to Denial-of-Service

A stack overflow vulnerability has been identified in the Tenda AX-3 router, specifically in version 16.03.12.10_CN. The issue arises in the 'fromAdvSetMacMtuWan' function, where the 'wanMTU2' parameter is processed. The vulnerability allows attackers to send crafted requests that cause a denial-of-service condition by exploiting the lack of input validation on the 'wanMTU2' parameter. This oversight enables the overflow of a stack-allocated buffer, corrupting adjacent memory and causing the device to crash.

Impact

Exploitation of this vulnerability leads to a persistent denial-of-service condition, causing the router to crash and fail to provide services correctly.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/AdvSetMacMtuWan' endpoint with an excessively long 'wanMTU2' parameter. This can be done using a script that automates the request, such as one written in Python using the 'requests' library. The router will crash upon receiving the crafted request, demonstrating the denial-of-service impact.