Tenda F453 Stack-Based Buffer Overflow Vulnerability
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F453 router, specifically in version 1.0.0.3. The issue arises in the 'fromwebExcptypemanFilter' function within the '/goform/webExcptypemanFilter' file. The vulnerability is triggered by manipulating the 'page' argument, which is passed to the 'sprintf' function without proper length validation, allowing for stack memory overflow. This vulnerability can be exploited remotely, potentially leading to a denial-of-service condition or arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged for arbitrary code execution or to create a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending a POST request to '/goform/webExcptypemanFilter' with a 'page' parameter containing a payload designed to overflow the stack-based buffer. The request must include appropriate headers to mimic a legitimate XMLHttpRequest.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.