Tenda F456 Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F456 router, specifically in version 1.0.0.5. The issue arises in the 'fromSafeUrlFilter' function within the '/goform/SafeUrlFilter' file of the 'httpd' component. The vulnerability is triggered by manipulating the 'page' argument, which leads to a buffer overflow. This flaw can be exploited remotely, potentially allowing an attacker to execute arbitrary code or cause a denial-of-service condition.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can commonly result in arbitrary code execution or cause the device to crash, creating a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/goform/SafeUrlFilter' endpoint. The request must include a 'page' parameter with a payload designed to overflow the stack-based buffer. The vulnerable path is reached when the 'menufacturer' parameter is left empty: the 'page' parameter is then passed to the 'sprintf' function without proper length validation, which allows the buffer overflow to occur.
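The unbounded 'sprintf' pattern described above, next to a bounded and validated form, as an added example that is not Tenda's firmware code. The function names, the buffer size, the format string and the assumption that 'page' is a short decimal page number are all hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define REDIRECT_MAX    64 /* assumed size of the handler's stack buffer */
#define PAGE_MAX_DIGITS 5  /* assumed upper bound for a page number */

/* Pattern the advisory describes: a request value is formatted into a
 * fixed-size buffer with no length check. Shown for contrast only. */
void build_redirect_unsafe(char *out, const char *page)
{
    sprintf(out, "filter.asp?page=%s", page); /* no bound on the write */
}

/* Hardened form: validate the value, bound the write, detect truncation.
 * Returns 0 on success, -1 if the input is rejected. */
int build_redirect_safe(char *out, size_t out_len, const char *page)
{
    size_t n, i;
    int written;

    if (out == NULL || out_len == 0 || page == NULL)
        return -1;
    n = strlen(page);
    if (n == 0 || n > PAGE_MAX_DIGITS)
        return -1;                      /* reject empty or oversized values */
    for (i = 0; i < n; i++)
        if (!isdigit((unsigned char)page[i]))
            return -1;                  /* reject anything but digits */
    written = snprintf(out, out_len, "filter.asp?page=%s", page);
    if (written < 0 || (size_t)written >= out_len)
        return -1;                      /* output would have been truncated */
    return 0;
}

int main(void)
{
    char buf[REDIRECT_MAX];
    char oversized[512];                /* constructed sample input */

    memset(oversized, '1', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("normal:    %d\n", build_redirect_safe(buf, sizeof buf, "2"));
    printf("oversized: %d\n", build_redirect_safe(buf, sizeof buf, oversized));
    return 0;
}
```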
