Headline
CVE-2022-28557: TendaAC15_vul/TendaAC15-vul.md at main · doudoudedi/TendaAC15_vul
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
— title: TendaAC15_vul date: 2022-03-31 17:31:30 tags:CVE
TendaAC15_Vul****Vender
Tenda
Official website :https://www.tendacn.com/
link::https://www.tendacn.com/download/detail-3851.html
name:US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin
Vulnerability1****Detail
The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971
Therefore, adding a string of useless characters after straip and endip in the sent postData can cause the web end to crash
Vulnerability2****Detail
There is command injection at the /goform/setsambacfg interface of Tenda ac15 device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
Similarly, the packet that triggers this vulnerability is very simple
Related news
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.