Tenda F451 Buffer Overflow Vulnerability in DHCP Server Function

A buffer overflow vulnerability has been identified in the Tenda F451 router, specifically in the firmware version 1.0.0.7_cn_svn7958. The issue arises in the HTTP server component, within the 'fromGstDhcpSetSer' function of the '/goform/GstDhcpSetSer' file. The vulnerability is triggered by manipulating the 'dips' parameter, which is accepted without proper length validation, allowing for stack-based buffer overflow. This flaw can be exploited remotely, potentially leading to a denial-of-service condition or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can be leveraged to execute arbitrary code or create a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/GstDhcpSetSer' endpoint with a 'dips' parameter. The value of this parameter should be crafted to exceed the buffer size, thereby causing a stack-based overflow. This can be done using a simple script that automates the process, such as a Python script using the 'requests' library.