Tenda FH1201 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda FH1201 router, specifically in version 1.2.0.14(408). The issue arises in the 'formWrlExtraSet' function within the '/goform/WrlExtraSet' file, part of the Parameter Handler component. The vulnerability is triggered by manipulating the 'GO' argument, which is not properly validated before being passed to a function that handles reboot requests. This oversight allows for excessive data to overwrite adjacent memory on the stack, potentially leading to arbitrary code execution or causing a denial-of-service condition.

Impact

Exploitation of this vulnerability allows for stack-based buffer overflow, which can be used to execute arbitrary code or cause a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/WrlExtraSet' endpoint. The request must include a 'GO' parameter filled with a payload that exceeds the buffer's capacity. This can be done using a web browser or a tool like curl, ensuring that the Content-Length header reflects the size of the payload.