Tenda F451 Buffer Overflow Vulnerability in the SetIpBind Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F451 router, specifically in version 1.0.0.7_cn_svn7958. The issue arises in the fromSetIpBind function within the httpd service, where a user-supplied parameter is improperly handled. The vulnerability can be exploited remotely by manipulating the 'page' argument, leading to potential denial-of-service conditions or arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged for arbitrary code execution or to create a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/goform/SetIpBind' endpoint. The request must include a 'page' parameter with a value that exceeds the buffer's capacity, such as 2048 bytes of repeated 'a' characters. This can be done using a script or tool that automates the process of sending HTTP requests, such as Python with the Requests library.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.