CVE-2022-46536
Description
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeedUp parameter at /goform/SetClientState.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in Tenda F1203 V2.0.1.6 via the limitSpeedUp parameter allows denial of service.
Vulnerability
A buffer overflow vulnerability exists in the httpd module of Tenda F1203 router firmware version V2.0.1.6. The flaw is triggered when processing a crafted POST request to the /goform/SetClientState endpoint, specifically through the limitSpeedUp parameter. The parameter is copied into a fixed-size buffer without proper bounds checking, leading to a stack-based overflow [1].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the router's management interface. The request must include an overly long limitSpeedUp value (e.g., a string of several thousand 'a' characters). No authentication is required, as the vulnerable endpoint is accessible without valid credentials; the proof-of-concept includes a default user=admin cookie but the overflow occurs regardless of its validity. The attack can be performed remotely over the network, requiring only that the target device is reachable [1].
Impact
Successful exploitation results in a denial of service (DoS) condition. The buffer overflow corrupts the stack, causing the httpd process to crash and rendering the router's web interface unresponsive. The device may need to be rebooted to restore normal operation. No evidence of code execution or data exfiltration has been reported in the available references [1].
Mitigation
As of the publication date, no official patch or firmware update has been released by Tenda to address this vulnerability. Users are advised to restrict access to the router's management interface by disabling remote administration, using a firewall to limit exposure, or replacing the device if it is no longer supported. The affected firmware version V2.0.1.6 remains vulnerable [1].
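With no firmware fix available, oversized `limitSpeedUp` values can at least be spotted in captured or proxied requests to the management interface. The following is an added example, not code from the CVE references or from Tenda; the 32-byte threshold, the `x` filler parameter and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/goform/SetClientState"  # endpoint named in the CVE description
PARAM = "limitSpeedUp"               # parameter named in the CVE description
MAX_VALUE_LEN = 32                   # assumption: tune to your own legitimate traffic


def inspect_request(raw: bytes):
    """Return a finding dict if a raw HTTP request carries an oversized PARAM, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.decode("latin-1").split("\r\n")[0]
    try:
        method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return None  # not a parseable request line
    url = urlsplit(target)
    if method.upper() != "POST" or unquote(url.path).rstrip("/") != ENDPOINT:
        return None
    # Look at the parameter wherever it can be supplied: query string and form body.
    # parse_qsl percent-decodes, so the length measured is the decoded value length.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    longest = max((len(v) for k, v in pairs if k == PARAM), default=None)
    if longest is None or longest <= MAX_VALUE_LEN:
        return None
    return {"endpoint": ENDPOINT, "param": PARAM, "value_len": longest}


def build_sample(path: str, body: str) -> bytes:
    """Build a constructed sample request (192.0.2.1 is a documentation address)."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed samples, not captured traffic.
SAMPLES = {
    "normal": build_sample(ENDPOINT, "x=1&limitSpeedUp=128"),
    "oversized": build_sample(ENDPOINT, "x=1&limitSpeedUp=" + "a" * 200),
    "encoded": build_sample(ENDPOINT, "limitSpeedUp=" + "%61" * 200),
    "other_endpoint": build_sample("/goform/Other", "limitSpeedUp=" + "a" * 200),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw))
```

The same length check can be applied as a blocking rule on a reverse proxy or firewall placed in front of the management interface.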
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Tenda/F1203
Patches
No patches discovered yet.
References