| عنوان | Tenda AC7 <= Firmware v1.0_v15.03.06.44 RCE |
|---|
| الوصف | Vulnerability level: High risk (RCE)
Affected version: Firmware version <= Firmware v1.0_v15.03.06.44
Through the /bin/httpd binary file, we can find the formSetMacFilterCfg function.
The webGetVar program is used to obtain parameters. The parameters of deviceList are directly parsed without any detection
Continue to follow up, the final parameter will be passed to parse_macfilter_rule, strcpy can overflow here to control the return address, here we construct the rop chain to execute system('/bin/sh'), and finally successfully getshell, the attacker can remotely attack |
|---|
| المصدر | ⚠️ https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda_AC7%20V1.0_V15.03.06.44%20has%20a%20stack%20overflow%20vulnerability%20in%20parse_macfilter_rule.md |
|---|
| المستخدم | liuchangwei (UID 86561) |
|---|
| ارسال | 20/07/2025 05:46 PM (11 أشهر منذ) |
|---|
| الاعتدال | 22/07/2025 09:16 AM (2 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 317220 [Tenda AC7 15.03.06.44 httpd /goform/setMacFilterCfg formSetMacFilterCfg deviceList تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|