CVE-2022-41485: Bug-Report/tenda-AC6- 0x47ce00.md at main · Davidteeri/Bug-Report
Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Vulnerability Report
Vendor: Tenda
Product: AC1200 Smart Dual-Band WiFi Router
Version: US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 (Download link: https://www.tendacn.com/download/detail-3794.html)
Type: Buffer Overflow
Vulnerability description
We found a buffer overflow vulnerability in the recently released AC1200 firmware that allows remote attackers to destroy execution memory with a crafted request. This can cause a denial of service or impact code execution.
Remote Command Execution
In httpd binary:
In function 0x47ce00, the variable name is given a 0x1000-byte buffer. This value is then passed to function 0x47bd44 (rtl_hw_add_list) for processing.
In 0x47bd44, name is copied into new with strcpy. The buffer allocated for new is only 0x488 bytes, and the length of name is not checked before the copy, so a name longer than the destination overflows it.
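The missing length check described above, shown as a bounded copy that rejects any name that does not fit the 0x488-byte destination. This is an added example, not code from the firmware or the original report; copy_name_checked, accepts_len, SRC_SIZE and DST_SIZE are hypothetical names, and only the two buffer sizes come from the report.

```c
#include <stdlib.h>
#include <string.h>

#define SRC_SIZE 0x1000 /* caller's name buffer, per the report */
#define DST_SIZE 0x488  /* destination allocation, per the report */

/* Pattern the report describes (unbounded, shown only as a comment):
 *     new = malloc(0x488);
 *     strcpy(new, name);        // name can hold up to 0x1000 bytes */

/* Hypothetical hardened replacement: measure the source with a bound and
 * refuse anything that does not fit including its NUL terminator.
 * Returns a heap copy, or NULL on oversize input or allocation failure. */
char *copy_name_checked(const char *name)
{
    size_t len = 0;
    if (name == NULL)
        return NULL;
    while (len < DST_SIZE && name[len] != '\0')
        len++;                    /* never scans past DST_SIZE bytes */
    if (len == DST_SIZE)
        return NULL;              /* reject instead of silently truncating */
    char *dst = calloc(1, DST_SIZE);
    if (dst == NULL)
        return NULL;
    memcpy(dst, name, len + 1);   /* len + 1 <= DST_SIZE is guaranteed here */
    return dst;
}

/* Constructed input: n 'A' bytes. Returns 1 if accepted and copied intact,
 * 0 if rejected, -1 if n does not fit the 0x1000-byte source buffer. */
int accepts_len(size_t n)
{
    static char src[SRC_SIZE];
    if (n >= SRC_SIZE)
        return -1;
    memset(src, 'A', n);
    src[n] = '\0';
    char *dst = copy_name_checked(src);
    int ok = (dst != NULL && strlen(dst) == n);
    free(dst);
    return ok;
}

int main(void)
{
    /* exit status 0 when 0x487 bytes are accepted and 0x488 are rejected */
    return !(accepts_len(0x487) == 1 && accepts_len(0x488) == 0);
}
```

Rejecting oversize input, rather than truncating it, keeps the caller from silently processing a different name than the one it was sent.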