Tenda F453 Stack-Based Buffer Overflow Vulnerability in PPTP Client Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F453 router, specifically in version 1.0.0.3. The issue arises in the 'fromPptpUserAdd' function within the '/goform/PPTPDClient' file. The vulnerability is triggered by manipulating the 'username' and 'opttype' parameters. When 'opttype' is set to 1, the function improperly passes the 'username' value to 'sprintf' without a length check, allowing for a buffer overflow on the stack. This vulnerability can be exploited remotely, potentially leading to a denial-of-service condition or arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can disrupt the normal operation of the device or be leveraged to execute arbitrary code.
Reproduction
To reproduce this vulnerability, send a POST request to '/goform/PPTPDClient' with the 'opttype' parameter set to 1 and the 'username' parameter filled with a payload designed to overflow the stack buffer. The request should be made without authentication.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.