Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-46262: CVE-Request/Tenda/7 at main · Ainevsia/CVE-Request

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

CVE
Open in Source
#vulnerability#dos#git

Tenda Router AC Series Vulnerability

This vulnerability lies in the /goform/setWAN page which influences the lastest version of Tenda Router AC11. (AC11_V02.03.01.104_CN)

Vulnerability description

3

There is a stack buffer overflow vulnerability in the PPPoE module.

1

the program reads user input wanPPPoEUser into variable v16 and uses nvram_set function to set the nvram variable wan0_pppoe_username, without porper length check.

2

the prograrm will then use nvram_get function to put that input into variable v63 and copy to destination 0x804948B5, which will cause a stack overflow.

So by POSTing the page /goform/setWAN with proper wanPPPoEUser, the attacker can easily perform a Deny of Service Attack or Remote Code Execution with carefully crafted overflow data.

POC

poc

Timeline

  • 2022.01.09 report to CVE & CNVD

Acknowledgment

Credit to @cpegg, @leonW7 and @peanuts from Shanghai Jiao Tong University and TIANGONG Team of Legendsec at Qi’anxin Group.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE