Tenda CH22 Buffer Overflow Vulnerability in Samba Configuration

A buffer overflow vulnerability has been identified in the Tenda CH22 router, specifically in the firmware version 1.0.0.1. The issue arises in the 'formSetSambaConf' function within the '/goform/SetSambaConf' file. The vulnerability is triggered by manipulating the 'samba_userNameSda' parameter, allowing for remote exploitation. This flaw could be exploited to cause a denial-of-service condition, where the router becomes unresponsive and inaccessible.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing the router to crash and become unresponsive.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/SetSambaConf' endpoint. The request must include a 'samba_userNameSda' parameter with a value that exceeds 300 characters, effectively overflowing the buffer. This can be done using a Python script that automates the process, such as one that uses the 'requests' library to send the crafted payload.