Tenda W3 Stack-Based Buffer Overflow Vulnerability in POST Parameter Handler

A stack-based buffer overflow vulnerability has been identified in the Tenda W3 router, specifically in version 1.0.0.3(2204). The issue arises in the POST parameter handler of the '/goform/wifiSSIDget' file, where the 'index' parameter is manipulated. This vulnerability can be exploited remotely, leading to stack corruption, causing the httpd process to crash and potentially allowing for code execution.

Impact

Exploitation of this vulnerability causes stack corruption, leading to a crash of the httpd process. However, this type of stack-based buffer overflow could also be exploited to execute arbitrary code.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/wifiSSIDget' endpoint. The 'index' parameter should be filled with a payload that exceeds the buffer length, causing a stack-based buffer overflow. This can be done using a variety of tools that allow for HTTP request manipulation, such as Burp Suite or Postman.