- Firmware download website: https://www.tenda.com.cn/download/detail-2747.html
i22 V1.0.0.3(4687)
In the i22 V1.0.0.3(4687) firmware has a stack overflow vulnerability in the formSetUrlFilterRule function. The v1 variable receives the groupIndex parameter from a POST request and is passed to function sub_75B4C as a3. In function sub_75B4C, variable a3 is passed to function sub_752D4 as a2. However, since the user can control the input of groupIndex, the statement sprintf(v7, "%s%d", a1, a2); can cause a buffer overflow. The user-provided groupIndex can exceed the capacity of the v7 array, triggering this security vulnerability.
data = {"groupIndex": payload}
response = requests.post(url, data=data)