Tenda F451 Stack-Based Buffer Overflow Vulnerability in DHCP Client Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F451 router, specifically in version 1.0.0.7. The issue arises in the HTTP daemon (httpd) within the 'fromDhcpListClient' function of the '/goform/DhcpListClient' file. The vulnerability is triggered by manipulating the 'page' argument, which is passed to the 'sprintf' function without proper length validation. This oversight allows for a buffer overflow on the stack, potentially leading to a denial-of-service condition or arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged for arbitrary code execution or to create a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/goform/DhcpListClient' endpoint with a 'page' parameter. The value of this parameter should be a string of 'a' characters, repeated enough times to exceed the buffer limit and cause a stack overflow. This can be done using a script or a tool that automates the process of sending HTTP requests, such as Python with the 'requests' library.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.