Tenda TX9 Buffer Overflow Vulnerability in Wi-Fi Settings

A buffer overflow vulnerability has been identified in the Tenda TX9 router, specifically in the version through 22.03.02.10_multi. The issue arises in the function sub_432580 within the file /goform/fast_setting_wifi_set. The vulnerability can be exploited remotely by manipulating the 'ssid' parameter, leading to potential denial-of-service conditions or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to stack corruption. This type of memory corruption vulnerability commonly allows for arbitrary code execution or causing a denial-of-service condition by crashing the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/fast_setting_wifi_set endpoint with a crafted 'ssid' parameter. The value of this parameter should be sufficiently long to exceed the buffer's capacity, causing a stack-based buffer overflow.