Tenda F453 Stack-Based Buffer Overflow Vulnerability in QuickIndex Form
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F453 router, specifically in version 1.0.0.3. The issue arises in the 'formQuickIndex' function within the '/goform/QuickIndex' file. The vulnerability is triggered by manipulating the 'mit_linktype' and 'PPPOEPassword' parameters. When 'mit_linktype' is set to 2, the 'PPPOEPassword' is passed to the 'sub_3C6C0' function without proper length validation, allowing for a buffer overflow. This vulnerability can be exploited remotely, potentially leading to a denial-of-service condition or arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged for arbitrary code execution or to create a denial-of-service condition.
Reproduction
To reproduce this vulnerability, send a POST request to '/goform/QuickIndex' with the 'mit_linktype' parameter set to 2 and the 'PPPOEPassword' parameter filled with a long string. The 'PPPOEPassword' value should be sufficiently long to overflow the stack-based buffer.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.