Tenda F453 Stack-Based Buffer Overflow Vulnerability
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F453 router, specifically in version 1.0.0.3. The issue arises in the 'httpd' component, within the 'formexeCommand' function of the '/goform/exeCommand' file. The vulnerability is triggered by manipulating the 'cmdinput' parameter, which is passed to the 'strcpy' function without proper length validation. This oversight allows for the overflow of a stack-based buffer, potentially leading to arbitrary code execution or a denial-of-service condition.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged for arbitrary code execution or to create a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending a POST request to '/goform/exeCommand' with a 'cmdinput' parameter that exceeds the buffer's capacity. The lack of length checks in the 'strcpy' function allows the overflow to occur, potentially leading to code execution or a denial-of-service condition.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.