Tenda Wi-Fi 5 Routers AC21 and AC23 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda Wi-Fi 5 Router AC21 and AC23 models, both running the firmware version 16.03.08.16. The vulnerability arises in the GetParentControlInfo function within the /goform/GetParentControlInfo endpoint, where insufficient parameter restrictions and lack of boundary checks allow for remote, unauthenticated attacks. Exploitation of this vulnerability can lead to a Denial of Service (DoS) condition.

Impact

Exploitation of this vulnerability causes a Denial of Service (DoS) condition, disrupting the normal functioning of the device.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP GET request to the /goform/GetParentControlInfo endpoint, with the 'mac' parameter manipulated to overflow the buffer. This can be done using a Python script that automates the process of sending the malicious payload. The Tenda AC21 and AC23 routers can be emulated using QEMU to demonstrate the vulnerability.