Headline
CVE-2022-36587: Bug-Report/tenda-G3- 0x53208.md at main · Davidteeri/Bug-Report
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by sprintf in a function in the httpd binary.
Vulnerability Report
Vendor: Tenda
Product: G3 QoS VPN Router / Gateway
Version: 3.0 (Download Link: https://www.tendacn.com/download/detail-3401.html)
Type: Buffer Overflow
Vulnerability description
We found a buffer overflow vulnerability in the G3 with recently released firmware that allows remote attackers to destroy the execution memory with a crafted request. This can cause a denial of service or impact code execution.
Remote Command Execution
In httpd binary:
In the function at 0x53208, the request parameter portMirrorMirroredPorts is supplied directly by the attacker, so the pMirroredPorts value is attacker-controlled.
The input is not checked. The function calls websGetVar to retrieve it.
pMirroredPorts is then written to sMibValue via sprintf. sMibValue is 256 bytes long, and the length of pMirroredPorts is not checked, which leads to a buffer overflow.
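The fix for the pattern described above is a bounded write with an explicit truncation check. The following is an added example, not code from the firmware or from the original report: the function names store_mirrored_ports and oversized_input_is_rejected, the "%s" format string and the sample values are assumptions; only sMibValue, pMirroredPorts and the 256-byte size come from the report.

```c
#include <stdio.h>
#include <string.h>

#define MIB_VALUE_LEN 256  /* size of sMibValue stated in the report */

/* Pattern described in the report (shown as a comment, never executed):
 *     char sMibValue[256];
 *     sprintf(sMibValue, "%s", pMirroredPorts);    no length check
 * The "%s" format is an assumption; the report does not show it. */

/* Hardened form (hypothetical helper): bounded write plus truncation check.
 * Returns 0 on success, -1 if the input is missing or does not fit. */
int store_mirrored_ports(char *sMibValue, size_t cap, const char *pMirroredPorts)
{
    int n;

    if (sMibValue == NULL || cap == 0 || pMirroredPorts == NULL)
        return -1;
    n = snprintf(sMibValue, cap, "%s", pMirroredPorts);
    if (n < 0 || (size_t)n >= cap) {
        sMibValue[0] = '\0';  /* reject rather than keep a truncated value */
        return -1;
    }
    return 0;
}

/* Constructed check: a 300-byte value must be rejected and the field
 * that follows the buffer must stay untouched. Returns 1 if both hold. */
int oversized_input_is_rejected(void)
{
    struct { char sMibValue[MIB_VALUE_LEN]; char guard[8]; } frame;
    char big[301];

    memset(big, '1', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    memcpy(frame.guard, "GUARD!!", 8);
    return store_mirrored_ports(frame.sMibValue, sizeof(frame.sMibValue), big) == -1
        && frame.sMibValue[0] == '\0'
        && memcmp(frame.guard, "GUARD!!", 8) == 0;
}

int main(void)
{
    char sMibValue[MIB_VALUE_LEN];
    int rc = store_mirrored_ports(sMibValue, sizeof(sMibValue), "1,2,3"); /* constructed value */
    printf("short value: rc=%d value=%s\n", rc, sMibValue);
    printf("oversized rejected: %d\n", oversized_input_is_rejected());
    return 0;
}
```

Checking the snprintf return value matters as much as the bound itself: without it, an oversized value is silently truncated and stored instead of being rejected.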