
CVE-2022-41481: Bug-Report/tenda-AC6- 0x47de1c.md at main · Davidteeri/Bug-Report

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.


Vulnerability Report

Vendor: Tenda

Product: AC1200 Smart Dual-Band WiFi Router

Version: US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 (Download link: https://www.tendacn.com/download/detail-3794.html)

Type: Buffer Overflow

Vulnerability description

We found a buffer overflow vulnerability in the recently released AC1200 firmware that allows remote attackers to corrupt execution memory via a crafted request. This can cause a denial of service or impact code execution.

Remote Command Execution

In httpd binary:

In the function 0x47de1c (readUsb), the mountpoint and filename are copied to mntFileName through sprintf, but there is no length check on either variable, so the destination buffer can be overflowed.
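The unchecked `sprintf` pattern described above next to a bounded replacement, as an added example (not code from the report or from the Tenda firmware). The function names, the `"%s/%s"` format, the 256-byte buffer size and the sample paths are assumptions, since the report states none of them.

```c
#include <stdio.h>
#include <string.h>

#define MNT_FILE_NAME_MAX 256  /* assumed size; the report does not give it */

/* Unsafe pattern as described in the report: sprintf writes as many bytes
 * as the inputs need, regardless of how large the destination is. */
void build_path_unsafe(char *mntFileName, const char *mountpoint,
                       const char *filename)
{
    sprintf(mntFileName, "%s/%s", mountpoint, filename);  /* assumed format */
}

/* Hardened form: bounded write, and truncation is treated as an error
 * instead of being silently accepted.
 * Returns 0 on success, -1 if the arguments are invalid or do not fit. */
int build_path_checked(char *dst, size_t dst_len, const char *mountpoint,
                       const char *filename)
{
    if (dst == NULL || dst_len == 0 || mountpoint == NULL || filename == NULL)
        return -1;
    int n = snprintf(dst, dst_len, "%s/%s", mountpoint, filename);
    if (n < 0 || (size_t)n >= dst_len) {
        dst[0] = '\0';  /* never leave a truncated path behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    char mntFileName[MNT_FILE_NAME_MAX];
    char long_name[1024];  /* constructed oversized input */
    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';

    /* Constructed sample paths: a normal request, then an oversized one. */
    printf("normal:    %d\n", build_path_checked(mntFileName,
           sizeof mntFileName, "/mnt/usb", "a.txt"));
    printf("oversized: %d\n", build_path_checked(mntFileName,
           sizeof mntFileName, "/mnt/usb", long_name));
    return 0;
}
```

Rejecting on truncation matters here: a silently shortened path would resolve to a different file than the one requested.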
