Tenda A18 Pro Stack-Based Buffer Overflow Vulnerability in IP-MAC Binding Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda A18 Pro router running firmware version 02.03.02.28. The issue is in the IP-MAC binding configuration endpoint '/goform/SetIpMacBind', within the 'fromSetIpMacBind' function. This function processes the 'list' parameter, which contains binding rules, but does not validate the input length before copying it into a fixed-size stack buffer. The vulnerability can be exploited remotely and can lead to unauthorized code execution.
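The missing length check described above, shown next to a bounded version. This is an added example, not Tenda's firmware code and not part of the original advisory. The buffer size, the function names, the use of strcpy and the returned status codes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed capacity for illustration; the advisory does not state the real size. */
#define BIND_LIST_MAX 256

enum bind_status { BIND_OK = 0, BIND_MISSING = -1, BIND_TOO_LONG = -2 };

/* Unchecked pattern: the copy length is set by the request, not by the
 * buffer, so a long 'list' value writes past buf. strcpy stands in for
 * whatever copy routine the firmware uses (assumption). */
size_t store_list_unchecked(const char *list)
{
    char buf[BIND_LIST_MAX];
    strcpy(buf, list);
    return strlen(buf);
}

/* Bounded copy: scan at most dst_size bytes, reject input that does not
 * fit together with its terminator, and never truncate silently. */
enum bind_status copy_list_checked(char *dst, size_t dst_size, const char *list)
{
    size_t n = 0;

    if (dst == NULL || dst_size == 0 || list == NULL)
        return BIND_MISSING;
    while (n < dst_size && list[n] != '\0')
        n++;
    if (n >= dst_size)
        return BIND_TOO_LONG;
    memcpy(dst, list, n);
    dst[n] = '\0';
    return BIND_OK;
}

/* Hypothetical handler: returns the HTTP status the caller should send. */
int handle_set_ip_mac_bind(const char *list)
{
    char buf[BIND_LIST_MAX];

    switch (copy_list_checked(buf, sizeof buf, list)) {
    case BIND_OK:       return 200; /* buf is bounded and terminated */
    case BIND_TOO_LONG: return 413; /* rejected instead of overflowing */
    default:            return 400; /* parameter missing */
    }
}
```

Rejecting the request outright, rather than truncating, keeps a partially copied rule list from being parsed as if it were complete.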
Impact
Exploitation of this vulnerability allows for remote code execution with root privileges. Additionally, it can cause a denial-of-service condition by crashing the 'httpd' process, which disables the web management interface.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/goform/SetIpMacBind' endpoint with an oversized 'list' parameter. This can be done using a Python script that automates the process, sending a string long enough to overflow the stack buffer.
