### Key Information

#### Vulnerability Description

- **Vulnerability Type**: Stack Overflow
- **Affected Version**: Tenda AC7 V1.0 firmware version V15.03.06.44
- **Vulnerability Level**: High Risk (RCE)

#### Vulnerability Details

- A stack overflow vulnerability exists in the `parse_macfilter_rule` function.
- The `setMacFilterCfg` function within the `/bin/httpd` binary allows setting MAC filtering rules.
- Attackers can trigger a stack overflow by crafting malicious `mac_filter_rules` parameters, thereby controlling the return address and executing arbitrary code.

#### Vulnerability Code Snippet

```c
// Relevant code snippet
// rule_list is taken directly from the HTTP request parameter "macfilterlist"
rule_list = webGetVar(req, "macfilterlist", defaultGetValue);
error_code = set_macfilter_rules(mac_filter_mode, rule_list);
if ( error_code )
{
    memset(cgi_debug_8, 0, sizeof(cgi_debug_8));
    printf(
        "%s[%x:%x:%x] %sset mac filter rules error!%n\x1B[0m",
        debug_color_6[3],
        "parseMacFilterCfg",
        500,
        debug_color_6[2]);
}
```

#### Exploitation Process

- Attackers can exploit this vulnerability to gain remote shell access.
- Proof-of-concept (PoC) code is provided, demonstrating how to exploit the vulnerability.

#### Successful Exploitation Example

- A shell was successfully obtained on the target device, proving the exploitability of the vulnerability.

#### Summary

This vulnerability allows attackers to trigger a stack overflow by crafting malicious input data, thereby gaining control over the target device and executing arbitrary commands. Affected users are advised to update their firmware promptly or take other security measures to prevent exploitation.
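
The class of bug described above is avoided by checking every field length before copying request data into fixed-size buffers. The following is an added example, not code from the firmware or from the original report; the `<mac>,<name>` rule format, the 32-byte name limit, and the names `parse_rule_checked` and `struct mac_rule` are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAC_STR_LEN 17   /* "aa:bb:cc:dd:ee:ff" */
#define NAME_MAX_LEN 32  /* assumed limit; not taken from the firmware */

struct mac_rule {
    char mac[MAC_STR_LEN + 1];
    char name[NAME_MAX_LEN + 1];
};

/* Accept only xx:xx:xx:xx:xx:xx made of hex digits and colons. */
static int valid_mac(const char *s, size_t len)
{
    if (len != MAC_STR_LEN) return 0;
    for (size_t i = 0; i < len; i++) {
        if (i % 3 == 2) { if (s[i] != ':') return 0; }
        else if (!isxdigit((unsigned char)s[i])) return 0;
    }
    return 1;
}

/* Parse "<mac>,<name>" (assumed format): 0 on success, -1 if malformed or too long. */
int parse_rule_checked(const char *rule, struct mac_rule *out)
{
    if (rule == NULL || out == NULL) return -1;
    const char *sep = strchr(rule, ',');
    if (sep == NULL) return -1;
    size_t mac_len = (size_t)(sep - rule);
    size_t name_len = strlen(sep + 1);
    if (!valid_mac(rule, mac_len)) return -1;
    if (name_len > NAME_MAX_LEN) return -1;    /* reject instead of copying unbounded */
    memcpy(out->mac, rule, mac_len);
    out->mac[mac_len] = '\0';
    memcpy(out->name, sep + 1, name_len + 1);  /* length checked above; copies the NUL */
    return 0;
}

int main(void)
{
    struct mac_rule r;
    char big[600];                             /* constructed oversized rule */
    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    memcpy(big, "aa:bb:cc:dd:ee:ff,", 18);
    printf("ok rule  -> %d\n", parse_rule_checked("aa:bb:cc:dd:ee:ff,laptop", &r));
    printf("big rule -> %d\n", parse_rule_checked(big, &r));
    return 0;
}
```

Overlong or malformed rules are rejected outright rather than truncated, so the caller can return an error to the client and log the attempt.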