CVE-2022-46543

Vulnerability

Tenda F1203 router firmware version V2.0.1.6 is vulnerable to a buffer overflow in the httpd module when handling the /goform/addressNat endpoint. The overflow occurs in the fromAddressNat function via the mitInterface parameter. An attacker can send a crafted POST request with an overly long mitInterface value to trigger the overflow. No authentication is required as the request can be sent to the router's web interface, which is typically exposed on the LAN. The vulnerability is present in the affected version V2.0.1.6 [1].

Exploitation

An attacker on the same network (or from the WAN if the web interface is exposed) can send a specially crafted HTTP POST request to http:///goform/addressNat with an extremely long mitInterface parameter (e.g., over 4000 'a' characters). The provided proof-of-concept (POC) demonstrates that this leads to a denial of service (DoS) by crashing the httpd process. No prior authentication or user interaction is required; the vulnerability can be triggered with a single request [1].

Impact

Successful exploitation results in a buffer overflow that causes the router's web server (httpd) to crash, leading to a denial of service. The router may become unresponsive or require a reboot to restore normal operation. The vulnerability does not appear to allow arbitrary code execution based on the available references, but the crash can disrupt network connectivity for users relying on the router [1].

Mitigation

As of publication (December 2022), no official patch has been released by Tenda for this vulnerability. The affected version is V2.0.1.6, and users are advised to check the vendor's download page (https://www.tenda.com.cn/download/detail-2494.html) for firmware updates [1]. If no update is available, restricting access to the router's web interface from the WAN and minimizing exposure on the LAN can reduce the risk of exploitation. The CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.