Tenda FH1202 Stack-Based Buffer Overflow Vulnerability in NatSaticSetting Function

A stack-based buffer overflow vulnerability has been identified in the Tenda FH1202 router, specifically in version 1.2.0.14(408). The issue arises in the 'fromNatStaticSetting' function within the '/goform/NatSaticSetting' file. The vulnerability is triggered by manipulating the 'page' parameter, which is passed to the 'sprintf' function without proper length validation. This oversight allows for a buffer overflow on the stack, potentially leading to a denial-of-service condition or arbitrary code execution. The vulnerability can be exploited remotely, and a proof-of-concept exploit is publicly available.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can disrupt normal operation (denial-of-service) and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/NatSaticSetting' endpoint. The 'page' parameter must be included in the request body, filled with a string long enough to overflow the stack buffer. The request should be made with the appropriate headers to simulate a legitimate XMLHttpRequest.