Tenda i3 Stack-Based Buffer Overflow Vulnerability in the setAutoPing Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda i3 router, specifically in version 1.0.0.6(2204). The issue arises in the formSetAutoPing function within the /goform/setAutoPing file. This vulnerability can be exploited remotely by sending a crafted HTTP POST request to the /goform/setAutoPing endpoint, manipulating the ping1 or ping2 parameters. The lack of proper length validation for these parameters allows for the overflow to occur.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or causing a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending an HTTP POST request to the /goform/setAutoPing endpoint with an excessively long ping1 or ping2 parameter. This can be done using a tool like Burp Suite or a custom script that automates the process. The request must include the appropriate headers, such as User-Agent and Referer, to mimic a legitimate browser request.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.