Unrated severity · NVD Advisory · Published Dec 20, 2022 · Updated Apr 16, 2025

CVE-2022-46550

Description

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in Tenda F1203 firmware V2.0.1.6 via the `urls` parameter in the `saveParentControlInfo` function leads to potential denial of service or code execution.

Vulnerability

A buffer overflow vulnerability exists in the httpd module of Tenda F1203 router firmware version V2.0.1.6. The flaw is located in the `saveParentControlInfo` function, reached at `/goform/saveParentControlInfo`. The `urls` parameter is copied into a fixed-size stack buffer without proper length validation, allowing an attacker to cause a stack buffer overflow [1]. Reverse engineering shows that `urls_value` is retrieved via `websGetVar` and then used in a copy operation that can overflow a 512-byte buffer (`v20`) [1].
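The pattern described above, as an added example that is not Tenda's code and is not taken from the cited reference: an unchecked copy into a 512-byte buffer beside a length-checked form that rejects oversized input instead of truncating it. The function names and the use of `strcpy` as the copy primitive are assumptions; the page says only "a copy operation".

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define URLS_BUF_SIZE 512   /* size the page gives for the stack buffer (v20) */

/* Unsafe pattern (assumed primitive): nothing compares the input length with
 * the destination size, so a value of 512 bytes or more writes past the
 * buffer. Shown for contrast only; it is never called in this example. */
void copy_urls_unchecked(char *dst, const char *urls_value)
{
    strcpy(dst, urls_value);
}

/* Hardened form: locate the terminator within dst_size bytes, reject if it is
 * not there, then copy exactly what fits. Returns 0 on success, -1 otherwise. */
int copy_urls_checked(char *dst, size_t dst_size, const char *urls_value)
{
    const char *nul;

    if (dst == NULL || dst_size == 0 || urls_value == NULL)
        return -1;
    nul = memchr(urls_value, '\0', dst_size);   /* stops at the first NUL */
    if (nul == NULL)                            /* value plus NUL does not fit */
        return -1;
    memcpy(dst, urls_value, (size_t)(nul - urls_value) + 1);
    return 0;
}

/* Hypothetical stand-in for the handler: the local buffer mirrors the 512-byte
 * v20. Returns the accepted length, or -1 so the caller can answer with an error. */
int save_parent_control_info(const char *urls_value)
{
    char urls_buf[URLS_BUF_SIZE];

    if (copy_urls_checked(urls_buf, sizeof urls_buf, urls_value) != 0)
        return -1;
    return (int)strlen(urls_buf);
}

int main(void)
{
    char big[600];                      /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("%d %d\n", save_parent_control_info("example.com"),
           save_parent_control_info(big));
    return 0;
}
```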

Exploitation

An attacker must have network access to the router's web interface (typically on the LAN) and send a crafted HTTP POST request to `/goform/saveParentControlInfo` with an excessively long `urls` parameter. No authentication is required if the parent control feature is exposed, or the attacker can be on the same network. The overflow overwrites stack variables and return addresses, enabling control of program flow [1].

Impact

Successful exploitation can cause denial of service (device crash) and, depending on the specific overwritten data, may allow arbitrary code execution with the privileges of the httpd process (root). This gives the attacker full control over the router [1].

Mitigation

As of the last available reference, no fix has been released by Tenda for this vulnerability. Users should consider isolating the router from untrusted network segments or replacing the device with a supported model. The firmware download page (https://www.tenda.com.cn/download/detail-2494.html) may contain future updates, but no patched version has been confirmed [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Tenda/F1203 (description)
  • Tenda/F1203 (llm-fuzzy)
    Range: = V2.0.1.6

Patches

0

No patches discovered yet.

References

1
