CVE-2022-46546

Vulnerability

A buffer overflow vulnerability exists in the httpd module of Tenda F1203 router firmware version V2.0.1.6, specifically in the /goform/RouteStatic handler. The vulnerability is triggered by a crafted entrys parameter in a POST request to this endpoint. The flaw resides in the fromRouteStatic function, which does not properly validate the length of the entrys input, leading to memory corruption. [1]

Exploitation

An attacker must be on the same network as the target router and have administrative access (e.g., by guessing default credentials or via an authenticated session). The attack requires sending a POST request to http://<router_ip>/goform/RouteStatic with an overly long entrys value. A proof-of-concept (PoC) from the reference [1] demonstrates sending a string of 4108 'a' characters as the entrys parameter, which causes a denial of service by overflowing the buffer.

Impact

Successful exploitation results in a denial of service (DoS) — the router's httpd process crashes. The reference explicitly states this PoC can result in a DoS. The impact is limited to availability; there is no indication of code execution or information disclosure. [1]

Mitigation

As of the publication date (2022-12-20), no patched firmware version has been released by Tenda. The vendor has not confirmed a fix. Users may consider isolating the router's administrative interface from untrusted networks or upgrading to a different model if available. The affected firmware is Tenda F1203 V2.0.1.6. [1]