Tenda F453 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda F453 router, specifically in version 1.0.0.3. The issue arises in the 'fromSetCfm' function within the '/goform/setcfm' file, where user-supplied parameters 'funcname' and 'funcpara1' are not properly validated. When 'funcpara1' is set to 'save_list_data', the lack of length checking allows for an overflow condition. This vulnerability can be exploited remotely, potentially leading to a denial-of-service situation or arbitrary code execution.

Impact

Exploitation of this vulnerability allows for stack-based buffer overflow, which can be used to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/setcfm' with the 'funcname' parameter set to 'save_list_data' and the 'funcpara1' parameter filled with a payload that exceeds the buffer length. This can be done using a tool like Burp Suite or by crafting a custom script that sends the appropriate HTTP request.