Tenda F453 Stack-Based Buffer Overflow Vulnerability in Parameters Handler
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F453 router, specifically in version 1.0.0.3. The issue arises in the 'fromVirtualSer' function within the '/goform/VirtualSer' file of the Parameters Handler component. The vulnerability is triggered by manipulating the 'page' argument, which is passed to the 'sprintf' function without proper length validation, allowing for stack memory overflow. This vulnerability can be exploited remotely, potentially leading to a denial-of-service condition or arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged to execute arbitrary code or cause a denial-of-service condition on the device.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/goform/VirtualSer' endpoint. The request must include a 'page' parameter filled with a payload that exceeds the buffer's capacity, effectively overwriting the stack memory. This can be done using a web browser or a tool like curl, ensuring that the 'Content-Length' header reflects the size of the payload.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.