NSSCYCTFER/SRC-CVE

Stack Overflow Vulnerability in Tenda AX12 Router

Preface

Tenda official website: https://www.tenda.com.cn/default.html

About Tenda: https://www.tenda.com.cn/profile/contact.html

Firmware download: https://www.tenda.com.cn/download/

Affected version

image

The picture shows the latest version

Vulnerability Details

image

The program passes the content of the lanip parameter to v4, then uses the sscanf function, with a regular-expression-style format, to write the matched content into the stack variables v20, v21, v22, and v23 without checking its size. This results in a stack overflow vulnerability.
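The fix for this class of bug is to bound every sscanf conversion and reject anything that is not a complete dotted quad. The following is an added example, not code from the firmware or from this repository; the format string and buffer sizes shown in the comment are assumptions about the shape of the flawed call, and parse_lanip is a hypothetical name.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe shape described above (assumed format and sizes, not the firmware's code):
 *   char a[8], b[8], c[8], d[8];
 *   sscanf(lanip, "%[^.].%[^.].%[^.].%s", a, b, c, d);   // no field widths
 * Each conversion copies until the next '.', however long the input is. */

/* Hardened parse: bounded fields, digits only, full-input match, range check.
 * Returns 0 and fills out[4] on success, -1 on any malformed input. */
int parse_lanip(const char *lanip, unsigned char out[4])
{
    char f[4][4];                 /* 3 digits + NUL per octet */
    int consumed = 0;

    if (lanip == NULL || strlen(lanip) > 15)   /* longest: "255.255.255.255" */
        return -1;

    /* %3[0-9] stores at most 3 chars + NUL; %n records how much was parsed */
    if (sscanf(lanip, "%3[0-9].%3[0-9].%3[0-9].%3[0-9]%n",
               f[0], f[1], f[2], f[3], &consumed) != 4)
        return -1;
    if (lanip[consumed] != '\0')               /* trailing bytes: reject */
        return -1;

    for (int i = 0; i < 4; i++) {
        long v = strtol(f[i], NULL, 10);
        if (v > 255)
            return -1;
        out[i] = (unsigned char)v;
    }
    return 0;
}

int main(void)
{
    unsigned char ip[4];
    char big[600];                /* constructed oversized input */
    memset(big, '1', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("valid:     %d\n", parse_lanip("192.168.0.1", ip));
    printf("oversized: %d\n", parse_lanip(big, ip));
    printf("bad octet: %d\n", parse_lanip("192.168.0.999", ip));
    return 0;
}
```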

Vulnerability reproduction and POC

In order to reproduce the vulnerability, the following steps can be followed:

  1. Use FAT to emulate firmware V15.03.2.21_cn

  2. Send the following PoC

image

image

The picture shows the effect of the PoC attack
