| 제목 | Tenda AC7 <= Firmware v1.0_v15.03.06.44 RCE |
|---|
| 설명 | Vulnerability level: High risk (RCE)
Affected version: Firmware version <= Firmware v1.0_v15.03.06.44
Through the /bin/httpd binary file, we can find the formSetMacFilterCfg function.
The webGetVar program is used to obtain parameters. The parameters of deviceList are directly parsed without any detection
Continue to follow up, the final parameter will be passed to parse_macfilter_rule, strcpy can overflow here to control the return address, here we construct the rop chain to execute system('/bin/sh'), and finally successfully getshell, the attacker can remotely attack |
|---|
| 원천 | ⚠️ https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda_AC7%20V1.0_V15.03.06.44%20has%20a%20stack%20overflow%20vulnerability%20in%20parse_macfilter_rule.md |
|---|
| 사용자 | liuchangwei (UID 86561) |
|---|
| 제출 | 2025. 07. 20. PM 05:46 (11 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 22. AM 09:16 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 317220 [Tenda AC7 15.03.06.44 httpd /goform/setMacFilterCfg formSetMacFilterCfg deviceList 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|