Tenda F456 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda F456 router, specifically in version 1.0.0.5. The issue arises in the 'formWrlsafeset' function within the '/goform/AdvSetWrlsafeset' file. The vulnerability is triggered by manipulating the 'mit_ssid' parameter, which is not properly validated before being processed. This flaw can be exploited remotely, potentially leading to unauthorized code execution or a denial-of-service condition.

Impact

Exploitation of this vulnerability allows for stack-based buffer overflow, which can be used to execute arbitrary code or cause a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/AdvSetWrlsafeset' with a 'mit_ssid' parameter that contains a payload designed to overflow the stack buffer. This can be done using a variety of tools that allow for HTTP request manipulation, such as Burp Suite or custom scripts.