Tenda CX12L Stack-Based Buffer Overflow Vulnerability in Wi-Fi Schedule Configuration Endpoint

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda CX12L router, specifically in the Wi-Fi schedule configuration endpoint '/goform/openSchedWifi' on firmware version 16.03.53.12. The vulnerability arises in the 'setSchedWifi' function, where user-controlled parameters 'schedStartTime' and 'schedEndTime' are copied into a fixed-size heap-allocated buffer without proper length validation. This oversight allows for memory corruption, potentially leading to a denial-of-service condition or arbitrary code execution.
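The defect class described above is closed by validating length and format before any copy into a fixed-size buffer. The following is an added example, not Tenda's firmware code and not code from this advisory; the struct, the function names and the "HH:MM" time format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SCHED_TIME_LEN 5   /* "HH:MM": assumed format, not confirmed by the advisory */

/* Hypothetical stand-in for the handler's fixed-size destination buffers. */
struct sched_cfg {
    char start[SCHED_TIME_LEN + 1];
    char end[SCHED_TIME_LEN + 1];
};

/* Return 1 only for an exact, in-range "HH:MM" string.
 * Reads at most SCHED_TIME_LEN + 1 bytes and never past the terminator. */
static int valid_sched_time(const char *s)
{
    if (s == NULL)
        return 0;
    for (int i = 0; i < SCHED_TIME_LEN; i++) {
        if (i == 2) {
            if (s[i] != ':')
                return 0;
        } else if (s[i] < '0' || s[i] > '9') {
            return 0;               /* also rejects an early NUL (short input) */
        }
    }
    if (s[SCHED_TIME_LEN] != '\0')
        return 0;                   /* anything longer than 5 bytes is rejected */
    int hh = (s[0] - '0') * 10 + (s[1] - '0');
    int mm = (s[3] - '0') * 10 + (s[4] - '0');
    return hh <= 23 && mm <= 59;
}

/* Validate both parameters first, copy only if both pass.
 * Returns 0 on success, -1 on rejection; *cfg is untouched on rejection. */
int set_sched_wifi_checked(struct sched_cfg *cfg, const char *start, const char *end)
{
    if (cfg == NULL || !valid_sched_time(start) || !valid_sched_time(end))
        return -1;
    memcpy(cfg->start, start, SCHED_TIME_LEN + 1);  /* length proven above */
    memcpy(cfg->end, end, SCHED_TIME_LEN + 1);
    return 0;
}

int main(void)
{
    struct sched_cfg cfg = {0};
    printf("valid:     %d\n", set_sched_wifi_checked(&cfg, "08:30", "22:00"));
    printf("oversized: %d\n", set_sched_wifi_checked(&cfg, "08:30:AAAAAAAAAAAAAAAA", "22:00"));
    return 0;
}
```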

Impact

Exploitation of this vulnerability causes a denial-of-service condition by crashing the device's httpd process, making the management interface unavailable. Additionally, the buffer overflow can be manipulated to execute arbitrary code remotely, hijacking the application's control flow.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/openSchedWifi' endpoint with an oversized 'schedStartTime' parameter. This can be done using a Python script that includes the necessary payload to trigger the buffer overflow.

Remediation

Users are advised to update to a version that addresses this vulnerability. Tenda's official website may provide information on available firmware updates.

Added: Jun 8, 2026, 12:36 PM
Updated: Jun 8, 2026, 12:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.2
remediation: 0.0
relevance: 9.2
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.