CVE-2023-4744: A critical vulnerability has been disclosed in Tenda AC8 router firmware 16.03.34.06_cn_TDC01. The affected function is formSetDeviceName, the handler behind the device-name setting of the router's web management interface, and manipulation of its input leads to a stack-based buffer overflow. The vulnerability can be exploited remotely, a public exploit exists, and the entry has been assigned the identifier VDB-238633. Affected devices require immediate attention.

Vulnerability Details

The vulnerability, classified as critical, resides in the formSetDeviceName function of Tenda AC8 16.03.34.06_cn_TDC01, which sets the router's device name from a parameter supplied in an HTTP form request. It is a stack-based buffer overflow: the handler copies the attacker-supplied name into a fixed-size buffer on the stack without checking its length, so a name longer than the buffer overwrites the adjacent stack contents, including saved registers and the return address. An attacker who controls that data can crash the web server or redirect execution and run arbitrary code on the router. The snippet below is an illustrative reconstruction of that pattern, not decompiled firmware:

/* Illustrative reconstruction of the vulnerable pattern (not Tenda's source):
   getFormString stands in for the firmware's request-parameter lookup and
   returns the raw, attacker-controlled value of arbitrary length. */
int formSetDeviceName (void *web, void *request)
{
   char devicename[64];                                   /* fixed-size stack buffer */
   const char *name = getFormString(request, "devicename"); /* unbounded input */

   // Vulnerable code section: no length check before the copy, so a name
   // longer than 63 bytes overruns devicename and the saved return address
   strcpy(devicename, name);

   return 0;
}

Exploit Details

The exploit can be executed remotely against any device whose web management interface is reachable by the attacker (the LAN by default, or the internet if remote management is enabled), allowing an attacker to hijack the router, modify its configuration, or execute arbitrary code. Because the exploit is publicly available, the likelihood of attacks in the wild increases. In outline, the trigger is an HTTP POST to the handler's form endpoint with an oversized "devicename" field: once the value is longer than the stack buffer, the bytes past it overwrite the saved return address. The run of "A" bytes and the <shellcode> placeholder in the request below are illustrative; the exact padding length and payload depend on the firmware's stack layout and on whether the stack is executable, and they are not reproduced here. The Content-Length header must match the actual body length:

POST /goform/formSetDeviceName HTTP/1.1
Host: <target>
Content-Type: application/x-www-form-urlencoded
Content-Length: <length of the body>

devicename=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA<shellcode>
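The following program is an added example, not code from the original page or from Tenda's firmware. It serves the two passages above: it shows the length check the vulnerable handler lacks, in a hardened replacement that decodes the "devicename" form field into a bounded buffer and rejects anything that does not fit, and a detection routine that flags a raw HTTP request to the same endpoint whose encoded "devicename" is already as long as the buffer. The 64-byte buffer size is taken from the page's snippet; the endpoint path is taken from the request above; the function names (form_find, form_decode, set_device_name_safe, request_is_overflow_attempt) and the sample requests are assumptions constructed here for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Buffer size taken from the page's snippet (assumption, not from the firmware). */
#define DEVNAME_MAX 64

/* Request line of the endpoint discussed on the page. */
static const char kTargetLine[] = "POST /goform/formSetDeviceName";

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Locate the still-encoded value of 'key' in an application/x-www-form-urlencoded
 * body; returns a pointer into 'body' and stores its raw length, or NULL. */
static const char *form_find(const char *body, const char *key, size_t *len)
{
    size_t klen = strlen(key);
    const char *p = body;

    while (*p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);

        if (plen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            *len = plen - klen - 1;
            return p + klen + 1;
        }
        if (!end) break;
        p = end + 1;
    }
    return NULL;
}

/* Percent-decode 'raw' into out[cap]. Returns the decoded length, or -1 when
 * the string plus its terminator would not fit: the check the handler lacks. */
static int form_decode(const char *raw, size_t rawlen, char *out, size_t cap)
{
    size_t o = 0;

    for (size_t i = 0; i < rawlen; i++) {
        int c = (unsigned char)raw[i];

        if (c == '+') {
            c = ' ';
        } else if (c == '%' && i + 2 < rawlen) {
            int hi = hexval((unsigned char)raw[i + 1]);
            int lo = hexval((unsigned char)raw[i + 2]);
            if (hi >= 0 && lo >= 0) { c = (hi << 4) | lo; i += 2; }
        }
        if (o + 1 >= cap) return -1;   /* reject instead of overflowing or truncating */
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return (int)o;
}

/* Hardened handler: bounded decode, empty and control-character names rejected.
 * Returns 0 and fills 'out' on success, -1 on rejection. */
int set_device_name_safe(const char *body, char out[DEVNAME_MAX])
{
    char devicename[DEVNAME_MAX];
    size_t rawlen;
    const char *raw = form_find(body, "devicename", &rawlen);
    int n;

    if (!raw) return -1;
    n = form_decode(raw, rawlen, devicename, sizeof devicename);
    if (n <= 0) return -1;
    for (int i = 0; i < n; i++)
        if (iscntrl((unsigned char)devicename[i])) return -1;
    memcpy(out, devicename, (size_t)n + 1);
    return 0;
}

/* Detection: 1 when a raw request hits the endpoint with an encoded devicename
 * of DEVNAME_MAX bytes or more. Decoding only shortens a value, so no request
 * that would overflow the buffer is missed; heavily percent-encoded benign
 * names may be flagged as well (a false positive, never a miss). */
int request_is_overflow_attempt(const char *request)
{
    const char *body, *raw;
    size_t rawlen;

    if (strncmp(request, kTargetLine, sizeof kTargetLine - 1) != 0) return 0;
    body = strstr(request, "\r\n\r\n");
    if (!body) return 0;
    raw = form_find(body + 4, "devicename", &rawlen);
    return raw != NULL && rawlen >= DEVNAME_MAX;
}

/* Constructed sample (not a capture): a 120-byte name with a matching Content-Length. */
const char *sample_attack_request(void)
{
    static char req[512];
    char pad[121];

    memset(pad, 'A', sizeof pad - 1);
    pad[sizeof pad - 1] = '\0';
    snprintf(req, sizeof req,
             "POST /goform/formSetDeviceName HTTP/1.1\r\nHost: 192.0.2.1\r\n"
             "Content-Type: application/x-www-form-urlencoded\r\n"
             "Content-Length: %zu\r\n\r\ndevicename=%s",
             strlen("devicename=") + strlen(pad), pad);
    return req;
}
```

Run against the constructed requests, set_device_name_safe accepts "devicename=my%20router" (decoded to "my router") and returns -1 for the 120-byte name, while request_is_overflow_attempt returns 0 for the short request and 1 for the oversized one. In a real handler the rejection should also produce an HTTP error response rather than silently truncating, since truncation would hide probing attempts from the logs.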

References

1. Vulnerability Database: The original public disclosure of the vulnerability, VDB-238633.
2. Tenda Support Page: Tenda's official support page, where users can request assistance and obtain firmware updates.

Conclusion

CVE-2023-4744 is a critical stack-based buffer overflow in the formSetDeviceName function of Tenda AC8 16.03.34.06_cn_TDC01 that can be triggered remotely through the web management interface. The exploit is publicly known, and the vulnerability is tracked as VDB-238633. Users of the affected firmware are advised to contact Tenda support for a fixed firmware release and, until it is installed, to reduce exposure by disabling remote (WAN-side) management and restricting access to the web interface to trusted hosts.

Timeline

Published on: 09/04/2023 00:15:07 UTC
Last modified on: 11/07/2023 04:22:55 UTC