Tenda AC8 Stack-Based Buffer Overflow Vulnerability in Httpd Service
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda AC8 router, specifically in version 16.03.34.06. The issue arises in the webCgiGetUploadFile function within the Httpd service, where the boundary parameter of the Content-Type header is not properly validated. This flaw allows remote attackers to overflow a fixed-size stack buffer of 64 bytes, potentially leading to arbitrary code execution or a denial-of-service condition. The vulnerability can be exploited by sending a crafted POST request to the /cgi-bin/UploadCfg endpoint.
Impact
Exploitation of this vulnerability allows for arbitrary code execution or the creation of a denial-of-service condition on the affected device.
Reproduction
To reproduce this vulnerability, send a POST request to the /cgi-bin/UploadCfg endpoint with a Content-Type header that includes a boundary parameter. The boundary parameter should be crafted to exceed 64 bytes, exploiting the lack of proper length validation and causing a stack-based buffer overflow.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.