Tenda CH22 Stack-Based Buffer Overflow Vulnerability in CertLocalPrecreate Function

A stack-based buffer overflow vulnerability has been identified in the Tenda CH22 router, specifically in version 1.0.0.1. The issue arises in the 'formCertLocalPrecreate' function within the 'httpd' component, where user-supplied input in the 'standard' parameter is not properly validated before being passed to the 'sprintf' function. This lack of length checking allows for the overflow to occur, potentially leading to a denial-of-service condition or arbitrary code execution. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/CertLocalPrecreate' with a 'standard' parameter that contains a payload designed to overflow the stack-based buffer. The absence of length validation allows the user-supplied data to exceed the buffer's capacity, creating the overflow condition.