Tenda F453 Buffer Overflow Vulnerability in RouteStatic Function Allowing Remote Code Execution
Vulnerability
A buffer overflow vulnerability has been identified in the Tenda F453 router, specifically in version 1.0.0.3. The issue arises in the httpd component, within the fromRouteStatic function of the /goform/RouteStatic file. The vulnerability allows for remote exploitation by manipulating the 'page' parameter, leading to a stack-based buffer overflow. This could potentially be exploited to execute arbitrary code or cause a denial-of-service condition.
Impact
Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing the device to crash, creating a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /goform/RouteStatic endpoint. The request must include a 'page' parameter that is crafted to overflow the buffer in the fromRouteStatic function. This can be done by using a payload that exceeds the buffer's capacity, such as a string of repeated characters.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.