Tenda F456 Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F456 router, specifically in version 1.0.0.5. The issue arises in the httpd component, within the fromPptpUserAdd function of the /goform/PPTPDClient file. The vulnerability is triggered by manipulating the opttype and username parameters, which can lead to a buffer overflow. This flaw can be exploited remotely, and a public proof-of-concept is available.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition on the device.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /goform/PPTPDClient endpoint. The request must include the opttype parameter set to 1 and a username parameter containing a long string of data. This input will overflow the stack-based buffer, allowing for potential code execution or causing a denial-of-service condition.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.