Tenda W3 Stack-Based Buffer Overflow Vulnerability in AutoPing Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda W3 router, specifically in version 1.0.0.3(2204). The issue arises in the 'formSetAutoPing' function within the '/goform/setAutoPing' endpoint, where the 'ping1' and 'ping2' POST parameters are processed. The vulnerability can be exploited remotely by sending a crafted request with an excessively long value for either 'ping1' or 'ping2', causing stack corruption that could lead to a crash and potentially allow for arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can corrupt the stack and potentially allow an attacker to execute arbitrary code.
Reproduction
To reproduce this vulnerability, send a POST request to the '/goform/setAutoPing' endpoint with the 'linkEn' parameter set to '1' and either the 'ping1' or 'ping2' parameter filled with a long string. Because the handler does not validate the length of these parameters, the oversized value overwrites the stack and triggers the buffer overflow.
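The missing length check, as an added example (not Tenda's firmware code and not part of the original advisory): a bounded, validated copy for the 'ping1' and 'ping2' values. The 64-byte buffer size, the allowed character set and the function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define PING_TARGET_MAX 64 /* assumed buffer size, not taken from the firmware */

/* Copy a ping target into dst only if it fits (with its NUL) and contains
 * only hostname/IP characters. Returns 0 on success, -1 on rejection. */
int copy_ping_target(char *dst, size_t dst_size, const char *src)
{
    size_t i;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Never read more than dst_size bytes of attacker-controlled input. */
    for (i = 0; i < dst_size && src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return -1;
    }
    if (i == 0 || i == dst_size)
        return -1; /* empty, or too long to fit with the terminator */
    memcpy(dst, src, i + 1); /* i + 1 <= dst_size, terminator included */
    return 0;
}

/* Hypothetical handler core: a rejected ping2 also clears ping1, so no
 * partially applied configuration is kept. */
int set_auto_ping(const char *ping1, const char *ping2,
                  char out1[PING_TARGET_MAX], char out2[PING_TARGET_MAX])
{
    if (copy_ping_target(out1, PING_TARGET_MAX, ping1) != 0)
        return -1;
    if (copy_ping_target(out2, PING_TARGET_MAX, ping2) != 0) {
        out1[0] = '\0';
        return -1;
    }
    return 0;
}
```

Rejecting an oversized value outright, rather than silently truncating it, keeps the stored configuration predictable and gives the device a clear event to log.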
