Tenda W20E Stack-Based Buffer Overflow Vulnerability in Port Mirroring Function

A stack-based buffer overflow vulnerability has been identified in the Tenda W20E router, specifically in version 15.11.0.6. The issue arises in the 'formSetPortMirror' function within the file '/goform/setPortMirror'. The vulnerability allows remote attackers to manipulate the 'portMirrorMirroredPorts' argument, leading to a buffer overflow of a 256-byte stack buffer. This overflow can overwrite the saved Link Register, potentially causing a crash or allowing remote code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to a crash of the device or allow for remote code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/setPortMirror' endpoint with a crafted 'portMirrorMirroredPorts' parameter that exceeds 256 bytes. This can be done using a Python script that includes base64-encoded authentication, simulating an authenticated attack.