Tenda i12 Stack-Based Buffer Overflow Vulnerability in Parameter Handler
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda i12 router, specifically in version 1.0.0.11(3862). The issue arises in the Parameter Handler component, within the formwrlSSIDset function of the /goform/wifiSSIDset file. The vulnerability is triggered by manipulating the wl_radio and index parameters, which leads to an overflow of the stack-based buffer. This flaw can be exploited remotely, potentially allowing for a denial-of-service attack or arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition on the device.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /goform/wifiSSIDset endpoint. The request must include the wl_radio parameter set to 0 and the index parameter filled with a payload that exceeds the buffer's capacity. This unbounded input will be processed by the server, causing the stack-based buffer overflow.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.