Tenda FH1202 Stack-Based Buffer Overflow Vulnerability in DHCP Client List Management

A stack-based buffer overflow vulnerability has been identified in the Tenda FH1202 router, specifically in version 1.2.0.14(408). The issue arises in the 'fromDhcpListClient' function within the '/goform/DhcpListClient' file. The vulnerability is triggered by manipulating the 'page' parameter, which is passed to the 'sprintf' function without proper length validation, allowing for overflow of a stack-based buffer. This vulnerability can be exploited remotely, leading to potential denial-of-service conditions or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can disrupt normal operation (denial-of-service) and potentially allow for arbitrary code execution on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/DhcpListClient' endpoint. The 'page' parameter must be included in the request with a value that exceeds the buffer's capacity, such as a long string of repeated characters. This can be done using a web browser or a tool like curl, ensuring that the request mimics the headers of a typical XMLHttpRequest.