Tenda F451 Buffer Overflow Vulnerability in RouteStatic Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F451 router, specifically in version 1.0.0.7. The issue arises in the 'fromRouteStatic' function within the '/goform/RouteStatic' file, where user-supplied input in the 'page' parameter is not properly validated before being passed to the 'sprintf' function. This lack of length checking allows for the overflow of a stack-based buffer, potentially leading to arbitrary code execution or a denial-of-service condition. The vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition on the affected device.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/goform/RouteStatic' endpoint with a 'page' parameter that contains a payload designed to overflow the buffer. The public exploit available on GitHub can be used to automate this process.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.