Tenda W20E Stack-Based Buffer Overflow Vulnerability in Web Management Interface

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda W20E router, version 15.11.0.6. The issue resides in the web management interface, within the 'modifyWifiFilterRules' function of the '/goform/modifyWifiFilterRules' endpoint. It is triggered by sending an overly long string in the 'wifiFilterListRemark' parameter. The attack can be initiated remotely; it may cause a denial-of-service by crashing the web service, and it could also lead to remote code execution.

Impact

Exploitation of this vulnerability can cause a denial-of-service by crashing the web service, and may also allow for remote code execution.

Reproduction

To reproduce this vulnerability, send a POST request to the '/goform/modifyWifiFilterRules' endpoint with a crafted 'wifiFilterListRemark' parameter containing an excessively long string. The vulnerability can be exploited after establishing a session and, if necessary, setting a cookie to simulate an authenticated user.
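The length check that closes this class of bug, shown as an added example; it is not the firmware's code, which the page does not include. The function names, the 64-byte buffer size and the handler structure are assumptions, and URL-decoding is omitted (the encoded length is never shorter than the decoded one, so the check stays conservative).

```c
#include <stdio.h>
#include <string.h>

#define REMARK_MAX 64 /* assumed size; the page does not give the real buffer size */

/* Locate name=value in a form-encoded body; returns 1 and sets val/len if found. */
static int form_value(const char *body, const char *name,
                      const char **val, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        const char *amp = strchr(p, '&');
        size_t seg = amp ? (size_t)(amp - p) : strlen(p);
        if (seg > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *val = p + nlen + 1;
            *len = seg - nlen - 1;
            return 1;
        }
        p = amp ? amp + 1 : NULL;
    }
    return 0;
}

/* Bounded copy: 0 on success, -1 if the parameter is absent, -2 if too long. */
int copy_remark(const char *body, char *dst, size_t dst_size)
{
    const char *val;
    size_t len;
    if (!form_value(body, "wifiFilterListRemark", &val, &len))
        return -1;
    if (len >= dst_size) /* reject: never truncate silently, never overflow */
        return -2;
    memcpy(dst, val, len);
    dst[len] = '\0';
    return 0;
}

/* Hypothetical handler: returns the stored remark length or a negative error. */
int handle_modify_rules(const char *body)
{
    char remark[REMARK_MAX]; /* fixed-size stack buffer, the object at risk */
    int rc = copy_remark(body, remark, sizeof remark);
    return rc ? rc : (int)strlen(remark);
}

int main(void)
{
    /* constructed sample body, not taken from a real device */
    printf("%d\n", handle_modify_rules("wifiFilterListRemark=guest+devices&x=1"));
    return 0;
}
```

Rejecting the request when the value does not fit, rather than truncating it, also gives the web service a clear event to log when an oversized 'wifiFilterListRemark' arrives.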

Added: Jun 8, 2026, 5:25 PM
Updated: Jun 8, 2026, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 7.0
remediation: 0.0
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.