Tenda F453 Buffer Overflow Vulnerability in HTTPD Component

A buffer overflow vulnerability has been identified in the Tenda F453 router, specifically in version 1.0.0.3. The issue arises in the HTTP daemon (httpd) component, within the 'frmL7ProtForm' function of the '/goform/L7Prot' file. The vulnerability is triggered by manipulating the 'page' argument, which leads to a stack-based buffer overflow. This flaw can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to stack corruption and potentially allow for arbitrary code execution. Additionally, this vulnerability could be used to perform a denial-of-service attack, causing the device to become unresponsive or crash.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/L7Prot' endpoint. The request must include a 'page' parameter filled with a payload that exceeds the buffer's capacity, effectively causing the buffer overflow. This can be done using a web browser or a tool like curl or Postman, by setting the 'Content-Length' header to reflect the size of the payload.