CVE-2022-46548

Vulnerability

A buffer overflow vulnerability exists in the fromDhcpListClient function of the Tenda F1203 router running firmware version V2.0.1.6. The flaw resides in the httpd module handling of the /goform/DhcpListClient endpoint. An attacker can trigger the overflow by sending a crafted POST request with an excessively long page parameter (over 4000 bytes of 'a' characters, as shown in the proof-of-concept) [1].

Exploitation

An attacker must be on the same network as the target router (e.g., connected to the LAN) and can leverage the device's default credentials or any valid session cookie to authenticate; the proof-of-concept includes a Cookie: user=admin header [1]. The exploit sends an HTTP POST request to /goform/DhcpListClient with the page parameter set to a long string of characters, causing the buffer overflow. No prior write access or user interaction beyond network access is required.

Impact

Successful exploitation results in a denial-of-service (DoS) condition due to the buffer overflow crashing the httpd process, as demonstrated by the proof-of-concept [1]. The router may become unresponsive until rebooted. No code execution or privilege escalation is described in available references.

Mitigation

As of the publication date (December 2022) and based on available references, no official firmware patch has been released by Tenda [1]. Users are advised to monitor the vendor's download page (https://www.tenda.com.cn/download/detail-2494.html) for updates. Until a fix is available, restricting access to the router's administration interface to trusted devices only, or placing the router behind an additional firewall, may reduce exposure.