Tenda AC20 Stack-Based Buffer Overflow Vulnerability in setMacFilterCfg Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda AC20 router running firmware version 16.03.08.12. This vulnerability allows unauthenticated remote attackers to execute arbitrary code or cause a denial-of-service condition. The issue arises in the 'sub_46A2AC' function within the '/goform/setMacFilterCfg' endpoint, where the 'deviceList' parameter is processed using unsafe string operations that lack proper bounds checking, leading to stack corruption.
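
The class of fix for the flaw described above, as an added example that is not Tenda's code and not part of the original advisory: every 'name' and 'MAC address' field is length-checked before it is copied into fixed-size stack storage. The newline-separated "name,mac" layout, the size limits and all function names here are assumptions, since the advisory does not give the real 'deviceList' format.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define NAME_MAX 32   /* assumed name limit, not taken from the firmware */
#define MAC_LEN 17    /* length of "aa:bb:cc:dd:ee:ff" */
#define MAX_ENTRIES 8 /* assumed cap on list entries */

struct mac_entry { char name[NAME_MAX + 1]; char mac[MAC_LEN + 1]; };

/* Accept only exactly 17 characters: hex pairs separated by ':'. */
static int valid_mac(const char *s, size_t len)
{
    if (len != MAC_LEN) return 0;
    for (size_t i = 0; i < len; i++) {
        if (i % 3 == 2 ? s[i] != ':' : !isxdigit((unsigned char)s[i]))
            return 0;
    }
    return 1;
}

/* Parse one "name,mac" entry (assumed layout); lengths are checked before any copy. */
static int parse_entry(const char *e, size_t len, struct mac_entry *out)
{
    const char *sep = memchr(e, ',', len);
    if (sep == NULL) return -1;
    size_t name_len = (size_t)(sep - e);
    size_t mac_len = len - name_len - 1;
    if (name_len == 0 || name_len > NAME_MAX || !valid_mac(sep + 1, mac_len))
        return -1;
    memcpy(out->name, e, name_len);   /* name_len <= NAME_MAX is guaranteed here */
    out->name[name_len] = '\0';
    memcpy(out->mac, sep + 1, mac_len); /* mac_len == MAC_LEN is guaranteed here */
    out->mac[mac_len] = '\0';
    return 0;
}

/* Returns the number of entries accepted, or -1 if the whole list is rejected. */
int parse_device_list(const char *list)
{
    struct mac_entry table[MAX_ENTRIES]; /* fixed-size stack storage */
    size_t n = 0;
    while (*list != '\0') {
        size_t len = strcspn(list, "\n");
        if (n == MAX_ENTRIES || parse_entry(list, len, &table[n]) != 0)
            return -1; /* too many entries, or an oversized or malformed field */
        n++;
        list += len;
        if (*list == '\n') list++;
    }
    return (int)n;
}
```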

Impact

Exploitation of this vulnerability allows for arbitrary code execution or a denial-of-service condition on the affected device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/setMacFilterCfg' endpoint with a crafted 'deviceList' parameter. The parameter must carry data that exceeds the buffer limits, such as overly long 'name' or 'MAC address' entries. The 'macFilterType' parameter can also be included in the request, but it is not required for exploitation.

Added: Aug 15, 2025, 11:18 AM
Updated: Aug 15, 2025, 1:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.