Tenda FH451 Stack-Based Buffer Overflow Vulnerability in HTTP POST Request Handler

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the Tenda FH451 router, version 1.0.0.9. The issue is in the 'frmL7ProtForm' function, which handles requests to '/goform/L7Prot': the 'page' argument is processed without proper bounds checking. The vulnerability can be exploited remotely, leading to a denial-of-service condition and potentially allowing an attacker to execute a Return-Oriented Programming (ROP) chain for privilege escalation or remote code execution.

Impact

Exploitation overflows a stack buffer. The immediate result is a denial-of-service condition; by overwriting the return address, an attacker can also execute a Return-Oriented Programming (ROP) chain to escalate privileges or execute remote code.

Reproduction

To reproduce this vulnerability, send an HTTP POST request to the '/goform/L7Prot' endpoint with a 'page' parameter that exceeds 64 bytes. Because the 'frmL7ProtForm' function does not properly validate its input, the oversized value triggers the buffer overflow.
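
For comparison, a bounds-checked way to handle the 'page' field, added here as an illustration and not taken from Tenda's firmware. The 64-byte buffer size, the helper names form_value and copy_page_param, and the rule that 'page' holds only decimal digits are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_BUF_SIZE 64 /* assumption: sized from the advisory's 64-byte threshold */

/* Find `name=` in a form-encoded body; return a pointer to its value and set
 * *len to the value length (up to the next '&' or end of body), else NULL. */
static const char *form_value(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t flen = end ? (size_t)(end - p) : strlen(p);
        if (flen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *len = flen - nlen - 1;
            return p + nlen + 1;
        }
        p = end ? end + 1 : NULL;
    }
    return NULL;
}

/* Copy `page` into out: 0 ok, -1 missing, -2 too long, -3 not decimal digits
 * (assumption: `page` is a page number). Length is checked before copying. */
int copy_page_param(const char *body, char out[PAGE_BUF_SIZE])
{
    size_t len = 0;
    const char *val = form_value(body, "page", &len);
    if (val == NULL)
        return -1;
    if (len >= PAGE_BUF_SIZE) /* keep one byte for the terminating NUL */
        return -2;
    for (size_t i = 0; i < len; i++)
        if (val[i] < '0' || val[i] > '9')
            return -3;
    memcpy(out, val, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char out[PAGE_BUF_SIZE];
    const char *body = "enable=1&page=3"; /* constructed sample body */
    int rc = copy_page_param(body, out);
    printf("rc=%d page=%s\n", rc, rc == 0 ? out : "(rejected)");
    return 0;
}
```

The length test runs before memcpy, so an oversized value is rejected without touching the stack buffer.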

Added: Jul 12, 2025, 11:21 PM
Updated: Jul 12, 2025, 11:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.