CVE-2022-46549
Description
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/saveParentControlInfo.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in Tenda F1203 V2.0.1.6 via the deviceId parameter allows remote attackers to cause denial of service or possibly execute arbitrary code.
Vulnerability
The Tenda F1203 router firmware version V2.0.1.6 contains a buffer overflow vulnerability in the httpd module. The flaw resides in the /goform/saveParentControlInfo handler, where the deviceId parameter is copied into a fixed-size stack buffer without proper bounds checking. An attacker can supply an overly long deviceId value to overflow the buffer. [1]
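As an added illustration (not code from the Tenda firmware or from the cited reference), the C example below shows a bounds-checked way to read deviceId from a form-encoded request body, rejecting an oversized value instead of copying it. The 32-byte capacity and the names get_form_value and read_device_id are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Assumed capacity for illustration; the firmware's real buffer size is not given on the page. */
#define DEVICE_ID_MAX 32

/*
 * Locate `key` in an application/x-www-form-urlencoded body and copy its raw
 * value into dst. Returns 0 on success, -1 if the key is missing, and -2 if
 * the value does not fit (the request should be rejected, not truncated).
 */
int get_form_value(const char *body, const char *key, char *dst, size_t dst_size)
{
    size_t key_len = strlen(key);
    const char *p = body;

    if (dst_size == 0)
        return -2;
    dst[0] = '\0';

    while (p != NULL && *p != '\0') {
        /* p always points at the start of a parameter (body start or just after '&'). */
        if (strncmp(p, key, key_len) == 0 && p[key_len] == '=') {
            const char *val = p + key_len + 1;
            size_t val_len = strcspn(val, "&");   /* length up to '&' or end of body */
            if (val_len >= dst_size)
                return -2;                        /* too long: refuse instead of overflowing */
            memcpy(dst, val, val_len);
            dst[val_len] = '\0';
            return 0;
        }
        p = strchr(p, '&');
        if (p != NULL)
            p++;                                  /* step past the separator */
    }
    return -1;
}

/* Hypothetical handler-side wrapper for the deviceId parameter. */
int read_device_id(const char *body, char out[DEVICE_ID_MAX])
{
    return get_form_value(body, "deviceId", out, DEVICE_ID_MAX);
}
```

The length is checked before any byte is written, so a value of DEVICE_ID_MAX characters or more never reaches the destination buffer.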
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP POST request to the /goform/saveParentControlInfo endpoint with an excessively long deviceId parameter. No authentication is required, as the handler is accessible without login. The overflow occurs during the processing of the deviceId value, allowing the attacker to overwrite adjacent stack data and potentially control program execution. [1]
Impact
Successful exploitation can lead to denial of service (crash of the httpd process) or arbitrary code execution with the privileges of the httpd process, typically root on embedded routers. This could allow an attacker to gain full control of the affected device. [1]
Mitigation
As of the publication date (2022-12-20), no official patch has been released by Tenda. Users should monitor Tenda's support site for firmware updates. The affected version is V2.0.1.6. As a workaround, restrict access to the router's management interface to trusted networks only. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Tenda/F1203 (description)
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.