Tenda FH1202 Stack-Based Buffer Overflow Vulnerability in formWrlsafeset Function

A stack-based buffer overflow vulnerability has been identified in the Tenda FH1202 router, specifically in version 1.2.0.14(408). The issue arises in the 'formWrlsafeset' function within the '/goform/AdvSetWrlsafeset' file. The vulnerability is triggered by manipulating the 'mit_ssid' or 'mit_ssid_index' parameters, which are passed to the 'sprintf' function without proper length validation. This oversight allows for an overflow of the stack-based buffer, potentially leading to a crash (denial-of-service) and, in some environments, remote code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to a denial-of-service condition by crashing the device. Additionally, in constrained environments, this vulnerability could be exploited to execute arbitrary code remotely.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/AdvSetWrlsafeset' endpoint. The request must include an overly long 'mit_ssid' or 'mit_ssid_index' parameter. This can be done using a tool like Burp Suite or by crafting a custom script that sends the appropriate HTTP request.