Headline
CVE-2023-33672: Tenda-CVE/README.md at main · DDizzzy79/Tenda-CVE
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.
Vulnerability Description
A stack-based overflow vulnerability can be triggered via the shareSpeed parameter in the fromSetWifiGusetBasic function in the /bin/httpd file.
Affected version:
US_AC8V4.0si_V16.03.34.06
To download the firmware: https://www.tenda.com.cn/download/detail-3518.html
Exploitation details:
This vulnerability can be exploited remotely over the network. The attacker only needs to send a specially crafted POST request to the target server. In this request, the attacker passes a payload containing specific data via the shareSpeed parameter, which causes a memory overflow. The attack does not require any user interaction.
Call chain: WifiGuestSet->fromSetWifiGusetBasic
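For devices that cannot be updated, a filter in front of the web interface can reject suspicious shareSpeed values before they reach httpd. The sketch below is an added example, not part of the original README or Tenda's code; the length limit, the decimal-only rule, the function name and the sample bodies are assumptions, since the page does not state the buffer size or the legitimate value range.

```python
from urllib.parse import parse_qsl

# Assumption: a legitimate shareSpeed value is a short decimal number.
# The page gives no buffer size, so this limit is a policy choice.
MAX_SHARESPEED_LEN = 8


def check_guest_wifi_body(body: bytes) -> list:
    """Return reasons to reject a form-encoded POST body (empty list = pass)."""
    try:
        text = body.decode("ascii")
    except UnicodeDecodeError:
        return ["body is not ASCII form data"]

    # latin-1 makes every percent-encoded byte decodable, so an encoded
    # payload is measured by its decoded length, not its wire length.
    pairs = parse_qsl(text, keep_blank_values=True, encoding="latin-1")
    values = [v for k, v in pairs if k == "shareSpeed"]

    reasons = []
    if len(values) > 1:
        # Which copy the firmware reads is unknown, so refuse duplicates.
        reasons.append("shareSpeed repeated")
    for v in values:
        if len(v) > MAX_SHARESPEED_LEN:
            reasons.append(
                f"shareSpeed length {len(v)} exceeds {MAX_SHARESPEED_LEN}")
        if not v.isdigit():
            reasons.append("shareSpeed is not a decimal number")
    return reasons


if __name__ == "__main__":
    # Constructed sample bodies; "other" is a placeholder field name.
    samples = [
        b"other=1&shareSpeed=100",
        b"shareSpeed=" + b"A" * 600,
        b"shareSpeed=1&shareSpeed=2",
    ]
    for body in samples:
        verdict = check_guest_wifi_body(body) or ["pass"]
        print(body[:40], "->", "; ".join(verdict))
```
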
Result
This resulted in a crash of the program. Verified locally; the core dump is in the same directory.
PoC :
In Additional information