Skip to content

Latest commit

 

History

History
43 lines (24 loc) · 1.68 KB

TendaAC15-vul.md

File metadata and controls

43 lines (24 loc) · 1.68 KB
Raw
Error in user YAML: (<unknown>): could not find expected ':' while scanning a simple key at line 3 column 1
---
title: TendaAC15_vul
date: 2022-03-31 17:31:30
tags:CVE
---

TendaAC15_Vul

Vender

Tenda

Official website :https://www.tendacn.com/

link::https://www.tendacn.com/download/detail-3851.html

name:US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin

Vulnerability1

Detail

​ The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971

image-20220331155216047

​ Therefore, adding a string of useless characters after straip and endip in the sent postData can cause the web end to crash

image-20220331160446799

Vulnerability2

Detail

​ There is command injection at the /goform/setsambacfg interface of Tenda ac15 device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution

image-20220331160952663

​ Similarly, the packet that triggers this vulnerability is very simple

image-20220331190716260

image-20220331185508534