Tenda F451 Stack-Based Buffer Overflow Vulnerability in SafeMacFilter Function
Vulnerability
A stack-based buffer overflow has been identified in the Tenda F451 router, firmware version 1.0.0.7. The flaw is in the fromSafeMacFilter function of the httpd component, which processes user-supplied request parameters. When the 'menufacturer' parameter is left empty, user-controlled data is passed to sprintf without a length check, overflowing a stack buffer and potentially leading to arbitrary code execution or a denial-of-service condition. The vulnerability can be exploited remotely and has been publicly disclosed, with a proof-of-concept exploit available.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition on the affected device.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/goform/SafeMacFilter' endpoint. The request must include a 'page' parameter with a payload that exceeds 2048 bytes. If the 'menufacturer' parameter is left empty, the vulnerability is triggered, causing a stack-based buffer overflow.
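The unchecked sprintf pattern described above, next to a bounded replacement, as an added C example (not the vendor's firmware code and not the reporter's). The function names, the "page=%s" format string and the 2048-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: buffer size taken from the 2048-byte threshold in the report. */
#define BUF_SIZE 2048

/* Unsafe pattern (hypothetical reconstruction, never called here):
 * sprintf writes as many bytes as `page` holds, whatever dst can take. */
int format_page_unsafe(char *dst, const char *page)
{
    return sprintf(dst, "page=%s", page);
}

/* Hardened form: bounded write, and truncation is treated as an error.
 * Returns 0 on success, -1 if the input is missing or does not fit. */
int format_page_safe(char *dst, size_t dst_len, const char *page)
{
    if (dst == NULL || dst_len == 0 || page == NULL)
        return -1;
    int n = snprintf(dst, dst_len, "page=%s", page);
    if (n < 0 || (size_t)n >= dst_len) {
        dst[0] = '\0';          /* do not hand on a truncated string */
        return -1;
    }
    return 0;
}

/* Hypothetical handler shape: per the advisory, the formatting path is
 * reached when 'menufacturer' is empty. Returns 1 for the other branch
 * (not modelled), 0 when the value fits, -1 when it is rejected. */
int handle_safe_mac_filter(const char *page, const char *menufacturer)
{
    char buf[BUF_SIZE];         /* fixed-size stack buffer */
    if (menufacturer != NULL && menufacturer[0] != '\0')
        return 1;
    return format_page_safe(buf, sizeof buf, page);
}

int main(void)
{
    char big[3001];             /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short: %d\n", handle_safe_mac_filter("1", ""));
    printf("oversized: %d\n", handle_safe_mac_filter(big, ""));
    return 0;
}
```

Checking the snprintf return value against the buffer size is what separates a rejected request from a silently truncated one.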
