Tenda AC8 Buffer Overflow Vulnerability in Embedded Httpd Service

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda AC8 router, specifically in firmware version 16.03.33.05. The issue arises within the embedded httpd service, particularly in the fast_setting_wifi_set interface, which improperly validates user input in the timeZone parameter. This lack of input validation allows remote attackers to exploit the vulnerability by sending crafted HTTP requests with excessively long timeZone values, leading to memory corruption. The exploitation of this vulnerability can cause a denial-of-service condition or potentially allow for arbitrary code execution.

Impact

Exploitation of this vulnerability causes a segmentation fault, indicating a serious memory safety issue. This memory corruption can be leveraged for arbitrary code execution or to crash the device, creating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/fast_setting_wifi_set endpoint. The request must include a timeZone parameter with an overly long value, such as a string of repeated characters, which will overflow the buffer and cause a segmentation fault.
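A defensive check for the request pattern described above, as an added example that is not part of the original advisory: it flags POST requests to the named endpoint whose decoded timeZone value exceeds a length limit. The 16-byte limit, the `ssid` field, the `/goform/other` path and all sample requests are constructed assumptions, not values from the advisory.

```python
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/goform/fast_setting_wifi_set"  # endpoint named in the advisory
PARAM = "timeZone"                          # parameter named in the advisory
MAX_TZ_LEN = 16  # assumption: tune to the longest value seen in legitimate traffic


def oversized_timezone(raw_request: bytes, limit: int = MAX_TZ_LEN):
    """Return the longest decoded timeZone length if it exceeds limit, else None."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0].upper() != "POST":
        return None
    url = urlsplit(parts[1])
    if url.path.rstrip("/") != ENDPOINT:
        return None
    # Inspect every occurrence in the body and the query string so that a
    # duplicated or relocated parameter is not missed. latin-1 maps one
    # character to one byte, so len() is the percent-decoded byte count.
    pairs = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    pairs += parse_qsl(url.query, keep_blank_values=True, encoding="latin-1")
    worst = max((len(v) for k, v in pairs if k == PARAM), default=0)
    return worst if worst > limit else None


def _req(body: str, path: str = ENDPOINT) -> bytes:
    """Build a constructed sample request (192.0.2.1 is a documentation address)."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed samples: the ssid field and /goform/other path are hypothetical.
SAMPLES = {
    "normal": _req("ssid=home&timeZone=%2B08%3A00"),
    "long": _req("ssid=home&timeZone=" + "A" * 300),
    "duplicate": _req("timeZone=%2B08%3A00&timeZone=" + "%41" * 64),
    "other_endpoint": _req("timeZone=" + "A" * 300, "/goform/other"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        hit = oversized_timezone(raw)
        print(f"{name:15} {'ALERT length=' + str(hit) if hit else 'ok'}")
```

The same length test can be placed in a reverse proxy or IDS rule in front of the management interface while the device remains unpatched.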

Added: Feb 9, 2026, 3:20 AM
Updated: Feb 9, 2026, 3:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 8.5
remediation: 0.0
relevance: 2.6
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.