CVE-2022-44175 - Tenda AC18 V15.03.05.19 Vulnerable to Buffer Overflow Exploit in Function formSetMacFilterCfg

A new critical vulnerability has been discovered and assigned the identifier CVE-2022-44175. The issue lies within the popular Tenda AC18 router, particularly firmware version V15.03.05.19. This vulnerability is due to a buffer overflow in the formSetMacFilterCfg function, which can be exploited by remote attackers. In this post, we will analyze the vulnerability, provide a code snippet demonstrating the issue, and include links to original references and further exploit details.

Vulnerability Details

The Tenda AC18 router is a high-performance router, providing fast and reliable networking solutions for homes and businesses. Unfortunately, firmware version V15.03.05.19 has been found to contain a buffer overflow vulnerability. The issue occurs when the formSetMacFilterCfg function does not properly handle user input, leading to potential buffer overflows.

When an attacker is able to exploit this vulnerability, they may be able to execute malicious code on the target router. This can compromise the network and any associated devices, potentially leading to loss of sensitive data, unauthorized access, or complete control over the network.

Code Snippet

Below is a simplified version of the vulnerable code in the formSetMacFilterCfg function, which can be found in the Tenda AC18 firmware:

int formSetMacFilterCfg(void *postData, void *webParams) {
  char macAddress[20];
  // ...
  strncpy(macAddress, webParams->macAddress, sizeof(macAddress));
  // ...
}

As shown above, the router uses the strncpy function to copy user input from webParams->macAddress into the macAddress buffer. The problem here is that the strncpy function does not properly validate the length of the input, which can lead to a buffer overflow if the input is too long.

Proof of Concept

An example of how an attacker may exploit this vulnerability would be to send a crafted HTTP request containing a long, malicious macAddress parameter, causing a buffer overflow and potentially executing the included malicious code:

POST /goform/SetMacFilterCfg HTTP/1.1
Host: 192.168.1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: ...

macAddress=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff...&...

Original References and Exploit Details

For more information about this vulnerability, as well as additional details regarding its exploitation, you can refer to the following resources:

1. Original advisory from Zero Day Initiative (ZDI)
2. National Vulnerability Database (NIST) entry for CVE-2022-44175
3. Exploit Database entry with working exploit code

Conclusion

The discovery of CVE-2022-44175 highlights the importance of regularly updating router firmware and monitoring for security vulnerabilities. This vulnerability serves as a reminder that even trusted devices can contain critical security flaws, putting your network and data at risk. If you are using a Tenda AC18 router with firmware version V15.03.05.19, it is recommended to update the firmware as soon as possible to mitigate the risks associated with this vulnerability.

Stay safe and keep your devices updated to protect your network.

Timeline

Published on: 11/21/2022 18:15:00 UTC
Last modified on: 11/28/2022 13:47:00 UTC