Tenda AC23 Stack-Based Buffer Overflow Vulnerability in HTTPD Component

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda AC23 router, specifically in firmware version 16.03.07.52. The issue is in the HTTP daemon (httpd), in the handling of '/goform/setMacFilterCfg'. It is triggered through the 'deviceList' parameter, whose length is not properly validated. A remote attacker can manipulate this parameter, leading to arbitrary code execution on the device.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected device. Additionally, it can cause the device to crash, disrupting its normal operation.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/setMacFilterCfg' endpoint. The request must include the 'macFilterType' parameter and a crafted 'deviceList' parameter that overwrites the stack. This is done with a 'deviceList' value that exceeds the buffer size, for example a pattern generated with a tool like 'cyclic'.
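A detection-side check for the request shape described above, as an added example that is not part of the original advisory or of any vendor code. It inspects a raw HTTP request and flags a POST to the endpoint whose decoded 'deviceList' value is over-long; the 256-byte threshold, the helper names and the sample requests are assumptions constructed for illustration, since the advisory does not state the buffer size.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/setMacFilterCfg"  # endpoint named in the advisory
MAX_DEVICELIST_LEN = 256  # assumed threshold; the advisory gives no buffer size

def inspect_request(raw: bytes, max_len: int = MAX_DEVICELIST_LEN):
    """Return a finding for a POST to ENDPOINT whose decoded deviceList
    value is longer than max_len bytes, otherwise None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2 or parts[0].upper() != "POST":
        return None
    url = urlsplit(parts[1])
    if url.path.rstrip("/") != ENDPOINT:
        return None
    # latin-1 maps bytes 1:1 to characters, so len() below counts decoded
    # bytes even when the value is percent-encoded.
    opts = dict(keep_blank_values=True, encoding="latin-1")
    params = parse_qs(body.decode("latin-1"), **opts)
    for key, values in parse_qs(url.query, **opts).items():
        params.setdefault(key, []).extend(values)  # query string counts too
    longest = max((len(v) for v in params.get("deviceList", [])), default=0)
    if longest <= max_len:
        return None
    return {"endpoint": ENDPOINT, "deviceList_len": longest,
            "has_macFilterType": "macFilterType" in params}

def make_post(body: str) -> bytes:
    """Build a constructed sample request (hypothetical host and values)."""
    return (f"POST {ENDPOINT} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

# Constructed samples: a short value, and an over-long run of filler.
SAMPLE_OK = make_post("macFilterType=black&deviceList=sample-entry")
SAMPLE_LONG = make_post("macFilterType=black&deviceList=" + "A" * 600)

if __name__ == "__main__":
    for name, req in (("ok", SAMPLE_OK), ("long", SAMPLE_LONG)):
        print(name, inspect_request(req))
```

The same length test can be applied at a reverse proxy or in log review; tune the threshold to the longest 'deviceList' value seen in legitimate management traffic.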

Added: Jul 23, 2025, 2:17 AM
Updated: Jul 23, 2025, 2:17 AM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.