Tenda F1202 Stack-Based Buffer Overflow Vulnerability in PPTP User Addition Function

A stack-based buffer overflow vulnerability has been identified in the Tenda F1202 router, specifically in version 1.2.0.20(408). The issue arises in the 'fromPptpUserAdd' function within the '/goform/PptpUserAdd' file. The vulnerability is triggered by manipulating the 'opttype' argument, which leads to the overflow. This remote exploit is publicly available and could be used to execute a denial-of-service attack or potentially allow for remote code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to a denial-of-service condition or allow for remote code execution on the affected device.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/PPTPDClient' with the 'opttype' parameter set to 1 and the 'username' parameter containing a long string. The lack of length validation on the 'username' input when 'opttype' is 1 allows for the buffer overflow to occur.