Tenda F456 Buffer Overflow Vulnerability in HTTP Daemon

A stack-based buffer overflow vulnerability has been identified in the Tenda F456 router, specifically in version 1.0.0.5. The issue arises in the HTTP daemon (httpd) within the 'fromPPTPUserSetting' function of the '/goform/PPTPUserSetting' file. The vulnerability is triggered by manipulating the 'delno' parameter, which leads to a buffer overflow condition. This vulnerability can be exploited remotely, potentially allowing for a denial-of-service attack or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/PPTPUserSetting' with an excessively long 'delno' parameter. This can be done using a web browser or a tool like curl or Postman. The request should include the 'X-Requested-With' header set to 'XMLHttpRequest' and the 'Accept' header set to 'text/plain, */*; q=0.01'.