- Firmware download website: https://www.tenda.com.cn/download/detail-2982.html
i21 V1.0.0.14(4656)
The i21 V1.0.0.14(4656) firmware has a stack overflow vulnerability in the `formWifiMacFilterGet` function. The `index` variable receives the `index` parameter from a POST request. Because the user controls the value of `index`, the statement `sprintf(mib_prefix, "wl2g.ssid%s.", index);` can cause a buffer overflow: the user-provided `index` can exceed the capacity of the `mib_prefix` array, triggering this security vulnerability.
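```python
import requests

url = "http://<device-ip>/<endpoint>"  # placeholder: the page does not give the request URL
payload = b"a"*2000  # oversized value for the index parameter
data = {"wl_radio": "0", "index": payload}
response = requests.post(url, data=data)
```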
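
One way to remove the overflow in the `sprintf` call described above, shown as an added example that is not the vendor's code or part of the original report. The function name `build_mib_prefix`, the 64-byte `MIB_PREFIX_LEN` and the two-digit limit on `index` are assumptions, since the page does not give the size of `mib_prefix` or the valid range of `index`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed size: the page does not state how large mib_prefix is. */
#define MIB_PREFIX_LEN 64
/* Assumed limit on the index length; hypothetical, not taken from the firmware. */
#define MAX_INDEX_DIGITS 2

/* Vulnerable pattern from the report, kept as a comment only:
 *     sprintf(mib_prefix, "wl2g.ssid%s.", index);
 * sprintf is not told the size of mib_prefix, so a long index writes past it. */

/* Hardened form: returns 0 on success, -1 if index is rejected. */
int build_mib_prefix(char *out, size_t out_len, const char *index)
{
    size_t n;
    int written;

    if (out == NULL || out_len == 0 || index == NULL)
        return -1;
    out[0] = '\0';

    /* 1. Allow-list: 1..MAX_INDEX_DIGITS decimal digits, stop at first violation. */
    for (n = 0; index[n] != '\0'; n++) {
        if (n >= MAX_INDEX_DIGITS || !isdigit((unsigned char)index[n]))
            return -1;
    }
    if (n == 0)
        return -1;

    /* 2. Bounded write; treat truncation as an error, not a silent cut. */
    written = snprintf(out, out_len, "wl2g.ssid%s.", index);
    if (written < 0 || (size_t)written >= out_len) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char mib_prefix[MIB_PREFIX_LEN];
    char big[2001];                       /* constructed oversized index */
    memset(big, 'a', 2000); big[2000] = '\0';
    printf("%d\n", build_mib_prefix(mib_prefix, sizeof mib_prefix, "1"));
    printf("%d\n", build_mib_prefix(mib_prefix, sizeof mib_prefix, big));
    return 0;
}
```

Validating `index` before formatting rejects the 2000-byte value outright, and the `snprintf` return check still protects the buffer if the format string or limits change later.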