Tenda CH22 Buffer Overflow Vulnerability in User Name Editing Function

A buffer overflow vulnerability has been identified in the Tenda CH22 router, specifically in version 1.0.0.1. The issue arises in the 'formeditUserName' function within the '/goform/editUserName' file. The vulnerability allows remote attackers to manipulate the 'new_account' parameter, leading to a buffer overflow condition. This flaw can be exploited to cause a denial of service by crashing the router, making it inaccessible.

Impact

Exploitation of this vulnerability causes a stack overflow, disrupting the router's operation and causing it to become unresponsive.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/editUserName' endpoint. The request must include the 'old_account' parameter set to 'admin', the 'new_account' parameter filled with a payload of approximately 1000 bytes of arbitrary data, and the 'new_password' parameter set to 'pass'. This payload manipulation triggers the buffer overflow by exceeding the expected input size, causing the router to crash and become inaccessible.