Tenda i3 Stack-Based Buffer Overflow Vulnerability in the formSetCfm Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda i3 router, specifically in version 1.0.0.6(2204). The issue arises in the formSetCfm function within the /goform/setcfm file, where insufficient length validation of the funcpara1 parameter allows for remote exploitation. This vulnerability could lead to unauthorized memory manipulation, potentially resulting in arbitrary code execution or a denial-of-service condition.
Impact
Exploitation of this vulnerability creates a stack-based buffer overflow, a condition where the buffer being overwritten is allocated on the stack, potentially leading to arbitrary code execution or a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending an HTTP POST request to the /goform/setcfm endpoint. The request must include an excessively long string in the funcpara1 parameter. This can be done using a tool like Burp Suite or by crafting a custom script that sends the appropriate request.
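A defensive check for the request described above, as an added example that is not part of the original advisory: it flags requests to /goform/setcfm whose funcpara1 value exceeds a length limit, which suits a reverse-proxy filter or a review of captured traffic. The 64-byte limit, the function names and the sample requests are assumptions; the advisory does not state the size of the affected buffer.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/goform/setcfm"  # endpoint named in the advisory
PARAM = "funcpara1"             # parameter named in the advisory
# Assumption: the advisory gives no buffer size, so this limit is a placeholder
# to tune against the longest value legitimate traffic actually sends.
MAX_LEN = 64


def inspect_request(raw, limit=MAX_LEN):
    """Return a list of findings for one raw HTTP request (empty = no match)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    try:
        method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return ["malformed request line"]
    url = urlsplit(target)
    # Normalise before comparing: percent-escapes, path parameters, a trailing
    # slash and letter case must not let a request slip past the filter.
    path = unquote(url.path).split(";")[0].rstrip("/").lower()
    if path != TARGET_PATH:
        return []
    # latin-1 maps one byte to one character, so len() is the decoded byte count.
    opts = {"keep_blank_values": True, "encoding": "latin-1"}
    pairs = parse_qsl(url.query, **opts)
    if method.upper() == "POST":
        pairs += parse_qsl(body.decode("latin-1"), **opts)
    return [f"{PARAM} length {len(value)} exceeds limit {limit}"
            for name, value in pairs if name == PARAM and len(value) > limit]


def sample_request(target, body):
    """Build a constructed request for the demo; 192.0.2.1 is a documentation address."""
    head = (f"POST {target} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("latin-1") + body


if __name__ == "__main__":
    # Constructed samples: a short value, then an oversized percent-encoded one.
    for body in (b"funcpara1=1", b"funcpara1=" + b"%41" * 100):
        print(inspect_request(sample_request(TARGET_PATH, body)) or "ok")
```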
