VYPR
Unrated severity · NVD Advisory · Published Dec 20, 2022 · Updated Apr 16, 2025

CVE-2022-46544

Description

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the cmdinput parameter at /goform/exeCommand.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in Tenda F1203 router firmware V2.0.1.6 via the cmdinput parameter at /goform/exeCommand allows denial of service.

Vulnerability

A buffer overflow vulnerability exists in Tenda F1203 router firmware version V2.0.1.6 [1]. The flaw is located in the httpd module's handling of the /goform/exeCommand endpoint. Specifically, the cmdinput parameter is copied into a fixed-size stack buffer without proper bounds checking, leading to a stack-based buffer overflow when an overly long string is supplied [1]. The vulnerability is reachable via an unauthenticated HTTP POST request to the /goform/exeCommand handler [1].
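The root cause described above, shown as the bounds-checked handling a form handler needs. This is an added example, not Tenda's firmware code and not taken from the advisory. The names `form_value` and `get_cmdinput`, the 256-byte `CMD_BUF_SIZE` and the sample request bodies are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF_SIZE 256   /* assumed size; the firmware's real buffer size is not on the page */

/* Find `name` in a form-urlencoded body (no percent-decoding, for brevity).
 * Returns a pointer to the raw value and stores its length in *len, or NULL. */
static const char *form_value(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t flen = end ? (size_t)(end - p) : strlen(p);
        if (flen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *len = flen - nlen - 1;
            return p + nlen + 1;
        }
        p = end ? end + 1 : NULL;   /* move to the next field, if any */
    }
    return NULL;
}

/* Unsafe pattern of the kind the advisory describes (shown only as a comment):
 *     char cmd[CMD_BUF_SIZE]; strcpy(cmd, value);   // no length check
 * Hardened form: measure the value first and refuse anything that does not fit.
 * Returns 0 on success, -1 if cmdinput is absent, -2 if it is too long. */
int get_cmdinput(const char *body, char *out, size_t out_size)
{
    size_t len = 0;
    const char *val = form_value(body, "cmdinput", &len);
    if (val == NULL)
        return -1;
    if (len >= out_size)
        return -2;              /* reject; do not truncate or overflow */
    memcpy(out, val, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char cmd[CMD_BUF_SIZE];
    char big[4200] = "cmdinput=";          /* constructed oversize body */
    memset(big + 9, 'a', 4110);            /* remaining bytes stay zero */
    printf("%d\n", get_cmdinput("cmdinput=ping", cmd, sizeof cmd));
    printf("%d\n", get_cmdinput(big, cmd, sizeof cmd));
    return 0;
}
```

Rejecting the request, instead of silently truncating the value, keeps the handler from acting on a partial value and gives a clear event to log.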

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP POST request to the target router's /goform/exeCommand endpoint [1]. The request must include an excessively long cmdinput parameter value. No authentication is required, as the endpoint is accessible without valid credentials [1]. The provided proof-of-concept (POC) demonstrates that sending a payload of approximately 4110 bytes of the character 'a' triggers the overflow, resulting in a denial of service (DoS) [1].

Impact

Successful exploitation causes a buffer overflow that likely corrupts the stack, leading to a crash of the httpd process and resulting in a denial of service [1]. The attacker does not gain code execution or persistent control; the primary impact is temporary unavailability of the router's web management interface [1].

Mitigation

As of the publication date (2022-12-20), no official patch from Tenda has been released for CVE-2022-46544. The affected firmware version is V2.0.1.6, available from the vendor's download page [1]. Users should monitor Tenda's support channels for a firmware update. Until a fix is available, limiting exposure by restricting network access to the router's management interface is advised [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Tenda/F1203 (description)
  • Tenda/F1203 (llm-fuzzy)
    Range: = 2.0.1.6

Patches

0

No patches discovered yet.

References

1