Tenda FH1202 Stack-Based Buffer Overflow Vulnerability in Web Type Library Function

A stack-based buffer overflow vulnerability has been identified in the Tenda FH1202 router, specifically in version 1.2.0.14(408). The issue arises in the 'formWebTypeLibrary' function within the '/goform/webtypelibrary' file. The vulnerability is triggered by manipulating the 'webSiteId' parameter, which is concatenated into a fixed-size stack buffer using 'strcat' without proper length validation. This oversight allows for overflow of the stack buffer, potentially leading to a denial-of-service condition and unauthorized code execution. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can disrupt normal operation and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/webtypelibrary' endpoint. The 'webSiteId' parameter must be included in the request with a payload that exceeds the buffer's capacity, effectively overflowing the stack buffer and causing the vulnerability to trigger.