Tenda AC1206 Stack-Based Buffer Overflow Vulnerability in Parent Control Function

A stack-based buffer overflow vulnerability has been identified in the Tenda AC1206 Wi-Fi 5 router, specifically in the firmware version 15.03.06.23. The vulnerability arises in the 'GetParentControlInfo' function within the '/goform/GetParentControlInfo' endpoint. The issue is caused by inadequate parameter restrictions and the absence of proper boundary checks, allowing unauthenticated remote attackers to manipulate the 'mac' argument and execute a denial-of-service attack.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the device to become unresponsive or unavailable.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP GET request to the '/goform/GetParentControlInfo' endpoint, with the 'mac' parameter containing a payload designed to overflow the buffer. This can be done using a Python script that automates the process of sending the malicious payload. The Tenda AC1206 router must be accessible on the local network for the attack to be successful.