Tenda AC7 and AC18 Buffer Overflow Vulnerability in LED Configuration Schedule Function

A buffer overflow vulnerability has been identified in the Tenda AC7 and AC18 routers, specifically in the firmware versions 15.03.05.19 and 15.03.06.44. The vulnerability resides in the 'formSetSchedLed' function within the '/goform/SetLEDCfg' file. This issue arises when the 'time' parameter is manipulated, leading to a buffer overflow. The vulnerability can be exploited remotely, potentially allowing for denial-of-service conditions or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to memory corruption. This type of vulnerability often allows for arbitrary code execution, where an attacker can execute malicious code on the device, or can cause a denial-of-service condition, disrupting the normal functioning of the device.

Reproduction

To reproduce this vulnerability, send a POST request to the '/goform/SetLEDCfg' endpoint with a crafted 'time' parameter. The payload should be designed to exceed the buffer size, causing a stack overflow. This can be done using a script that automates the process, such as one written in Python that uses the 'requests' library to send the malicious payload.