Tenda FH451 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda FH451 router, specifically in version 1.0.0.9. The issue arises in the 'formQuickIndex' function within the '/goform/QuickIndex' file. The vulnerability is triggered by manipulating the 'mit_linktype' and 'PPPOEPassword' parameters. When 'mit_linktype' is set to 2, the lack of length validation allows for a buffer overflow, which could be exploited remotely. This vulnerability is classified as critical, with the potential for denial-of-service or remote code execution impacts.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or causing the device to crash.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/QuickIndex' with the 'mit_linktype' parameter set to 2 and the 'PPPOEPassword' parameter filled with a long string. The request can be made using a tool like Burp Suite or through a script that automates the process.