Tenda F456 Buffer Overflow Vulnerability in L7Im Form

A buffer overflow vulnerability has been identified in the Tenda F456 router, specifically in version 1.0.0.5. The issue arises in the frmL7ImForm function within the file /goform/L7Im. The vulnerability allows for remote exploitation by manipulating the 'page' argument, leading to a stack-based buffer overflow. This could potentially be used to execute a denial-of-service attack or remote code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to stack corruption. This type of memory corruption vulnerability commonly allows for arbitrary code execution or causing a device to crash, disrupting its normal operation.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/L7Im endpoint. The request must include a 'page' parameter filled with a payload that exceeds the buffer's capacity, effectively causing the overflow. This can be done using a tool like Burp Suite or a custom script that automates the process.