Appliance Details
Tenda AC9 is a dual-band wireless router.
Vulnerability
Tenda AC9 is vulnerable to a denial of service, caused by a stack-based buffer overflow in form_fast_setting_wifi_set in the httpd server.
Identification
By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a Denial of Service.
POST /goform/fast_setting_wifi_setPAYLOAD - ssid=aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaabbbbDetection
By turning this into a traffic file and matching rule, we are able to detect buffer overflow attempts.
Coverage
Idappcom has created signature 8023004 for this vulnerability.
References
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional