Headline
CVE-2022-45640: CVE-vulns/Tenda AC6V1.0 V15.03.05.19 Stack overflow vulnerability.md at main · Double-q1015/CVE-vulns
Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).
Permalink
Cannot retrieve contributors at this time
Tenda AC6V1.0 V15.03.05.19 Stack overflow vulnerability****Firmware information
Manufacturer’s address: https://www.tenda.com.cn/
Firmware download address : https://www.tenda.com.cn/download/detail-2681.html
Affected version
Vulnerability details
This vulnerability lies in the /goform/WifiBasicSet page,While processing the security parameters for a post request, the value is directly strcpy to a local variable placed on the stack, which overrides the return address of the function, causing buffer overflow. The details are shown below:
POC
This PoC can result in a Dos.
Related news
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.