CVE-2023-33669: Tenda-CVE/README.md at main · DDizzzy79/Tenda-CVE
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function.
Vulnerability Description
A stack-based overflow vulnerability can be triggered via the sub_44db3c function in the /bin/httpd file.
Affected version:
US_AC8V4.0si_V16.03.34.06
To download the firmware: https://www.tenda.com.cn/download/detail-3518.html
Exploitation details:
This is a buffer overflow vulnerability in the function sub_44db3c, which handles the timeZone parameter. Upon receiving a POST request containing the timeZone parameter, sub_44db3c allocates an 8-byte buffer, var10, on the stack and then calls sscanf to read two strings from the timeZone parameter into var10. Because the input length is not limited, an input string longer than 8 bytes results in a stack overflow. An attacker could exploit this vulnerability to execute arbitrary code on the target system.
Call chain : fast_setting_wifi_set -> form_fast_setting_wifi_set -> sub_44db3c
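A bounded version of the parse described above, as an added example (not code from the firmware or from this advisory). The ':' separator, the second output buffer, the function name parse_timezone and the sample values are assumptions, since the page does not show the actual format string.

```c
#include <stdio.h>
#include <string.h>

#define TZ_FIELD_LEN 8   /* same size as the 8-byte stack buffer in the text */

/* Pattern described in the advisory, shown only as a comment. The format
 * string is an assumption for illustration; the point is the missing width:
 *     char var10[8], rest[8];
 *     sscanf(timeZone, "%[^:]:%s", var10, rest);   // unbounded copy
 */

/* Hardened parse. hour and min must each point to TZ_FIELD_LEN bytes.
 * Returns 0 on success, -1 when the value is missing, malformed or too long. */
int parse_timezone(const char *tz, char *hour, char *min)
{
    int consumed = 0;

    if (tz == NULL)
        return -1;
    /* Cheap upper bound: two fields of at most 7 characters plus ':'. */
    if (strlen(tz) > 2 * (TZ_FIELD_LEN - 1) + 1)
        return -1;
    /* Field width is buffer size minus one, leaving room for the NUL.
     * %n records how much input was consumed so leftovers can be rejected. */
    if (sscanf(tz, "%7[^:]:%7s%n", hour, min, &consumed) != 2)
        return -1;
    if (tz[consumed] != '\0')
        return -1;   /* a field was truncated or trailing data remains */
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the firmware or a PoC. */
    const char *samples[] = { "+08:00", "12345678:00", "123456:12345678", "0800" };
    char hour[TZ_FIELD_LEN], min[TZ_FIELD_LEN];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_timezone(samples[i], hour, min) == 0)
            printf("accepted %-18s -> '%s' / '%s'\n", samples[i], hour, min);
        else
            printf("rejected %s\n", samples[i]);
    }
    return 0;
}
```

Rejecting over-long input instead of silently truncating it keeps a malformed timeZone value from being stored at all.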
Result
Causes a crash (and possible RCE) through the stack overflow. The core dump is in the same directory.
PoC :
In Additional information