Tenda F451 Stack-Based Buffer Overflow Vulnerability in WrlExtraSet Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F451 router, specifically in version 1.0.0.7. The issue arises in the formWrlExtraSet function within the file /goform/WrlExtraSet. The vulnerability is triggered by manipulating the GO parameter, which is passed to a subroutine without proper length validation. This oversight allows for the overflow of a stack-based buffer, potentially leading to arbitrary code execution or a denial-of-service condition. The vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability allows for stack-based buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /goform/WrlExtraSet endpoint with a crafted payload that includes a GO parameter. The payload should be designed to overflow the stack-based buffer by exceeding its allocated size. This can be done using a sequence of bytes, such as repeating the letter 'a', to overwrite the stack memory.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.