Tenda F451 Buffer Overflow Vulnerability in P2P List Filter Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F451 router, specifically in version 1.0.0.7. The issue arises in the 'fromP2pListFilter' function within the '/goform/P2pListFilter' file. The vulnerability is triggered by manipulating the 'page' parameter, which is passed to the 'sprintf' function without proper length validation. This oversight allows for remote exploitation, leading to potential denial-of-service conditions or arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can result in arbitrary code execution or a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/goform/P2pListFilter' endpoint with a 'page' parameter that contains a payload designed to overflow the stack-based buffer. This can be done using a tool like 'requests' in Python, by specifying a 'page' value that is sufficiently large to cause the overflow.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.