A critical vulnerability exists in Tenda AC7 routers running Ice firmware version V15.03.06.44 that could allow an attacker to execute arbitrary code and gain full root privileges. The vulnerability exploits a buffer overflow in the formSetFirewallCfg function, which could allow a remote attacker to gain control over the router. The critical issue is in the formSetFirewallCfg function, which configures the firewall.
An attacker can send a specially crafted HTTP request with forged firewallEn parameters to the /goform/SetFirewallCfg endpoint, which would cause a buffer overflow and potentially lead to arbitrary code execution. The researchers have created a proof-of-concept (PoC) exploit that uses a Python script to send HTTP requests that trigger a buffer overflow. Initially, the exploit causes a denial of service (DoS), disabling the router. However, further modification of the malicious code allows root access to the device, allowing the attacker to intercept traffic, change network settings, and use the router for further attacks.
Tenda AC7 is a common router used in home and small office networks; Tenda AC7 owners are advised to check for firmware updates and install them as soon as possible. If official patches are not available, access to the router’s web interface should be restricted to trusted devices only. Network equipment manufacturers should implement better practices for validating input data and respond quickly to vulnerability reports.
28 
30 
37 