Tenda HG10 Stack-Based Buffer Overflow Vulnerability in Web Management Interface

Vulnerability

A stack-based buffer overflow has been identified in the web management interface of the Tenda HG10 router, in the 'formPPPEdit' handler. The handler's 'encodename' parameter can be manipulated to overflow a stack buffer. The issue can be exploited remotely, potentially leading to a crash of the Boa web service or to arbitrary code execution in a process that runs with elevated privileges.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by crashing the Boa web service, making the administrative interface unreachable. Additionally, the stack corruption could be leveraged for remote code execution, given the right conditions.

Reproduction

To reproduce this vulnerability, send a POST request to '/boaform/formPPPEdit' with an excessively long 'encodename' value. The overflow is confirmed when the Boa service crashes, which shows up as the administrative web interface becoming unavailable.
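
On the defensive side, the request shape described above can be flagged in captured HTTP requests or reverse-proxy traffic in front of the device. The following detector is an added example, not part of the original advisory or of Tenda's code. The 256-byte threshold, the sample requests, and the 'submit' field are assumptions constructed for illustration, since the advisory does not state the buffer size.

```python
from urllib.parse import unquote, unquote_to_bytes

TARGET_PATH = "/boaform/formPPPEdit"  # handler named in the advisory
FIELD = b"encodename"                 # parameter named in the advisory
MAX_FIELD_LEN = 256                   # assumed alert threshold, not a known buffer size


def inspect_request(raw: bytes):
    """Return a finding dict for an oversized encodename POST, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return None  # malformed request line
    method, target, _version = parts
    path = unquote(target.split("?", 1)[0])  # normalise %-encoded paths
    if method.upper() != "POST" or path != TARGET_PATH:
        return None
    worst = 0
    for pair in body.split(b"&"):
        name, _, value = pair.partition(b"=")
        if unquote_to_bytes(name.replace(b"+", b" ")) != FIELD:
            continue
        decoded = unquote_to_bytes(value.replace(b"+", b" "))
        # Count both forms: it is not known which one the handler copies.
        worst = max(worst, len(value), len(decoded))
    if worst <= MAX_FIELD_LEN:
        return None
    return {"path": path, "field": FIELD.decode(), "length": worst}


def _request(body: bytes) -> bytes:
    """Build a constructed sample request (not captured traffic)."""
    head = (f"POST {TARGET_PATH} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode() + body


# Constructed samples: the 'submit' field is a placeholder, not the real form's.
BENIGN = _request(b"encodename=pppoe_user&submit=Apply")
OVERSIZED = _request(b"encodename=" + b"A" * 300 + b"&submit=Apply")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, inspect_request(req))
```

Tune MAX_FIELD_LEN to the longest value legitimately used on the deployment; the check measures both the raw and the percent-decoded length so that encoded padding does not slip under the threshold.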

Added: Jun 8, 2026, 6:25 PM
Updated: Jun 8, 2026, 6:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 8.5
remediation: 0.0
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.