| Título | Tenda AC7 <= Firmware v1.0_v15.03.06.44 RCE |
|---|
| Descrição | Vulnerability level: High risk (RCE)
Affected version: Firmware version <= Firmware v1.0_v15.03.06.44
Through the /bin/httpd binary file, we can find the formSetMacFilterCfg function.
The webGetVar program is used to obtain parameters. The parameters of deviceList are directly parsed without any detection
Continue to follow up, the final parameter will be passed to parse_macfilter_rule, strcpy can overflow here to control the return address, here we construct the rop chain to execute system('/bin/sh'), and finally successfully getshell, the attacker can remotely attack |
|---|
| Fonte | ⚠️ https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda_AC7%20V1.0_V15.03.06.44%20has%20a%20stack%20overflow%20vulnerability%20in%20parse_macfilter_rule.md |
|---|
| Utilizador | liuchangwei (UID 86561) |
|---|
| Submissão | 20/07/2025 17h46 (há 11 meses) |
|---|
| Moderação | 22/07/2025 09h16 (2 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 317220 [Tenda AC7 15.03.06.44 httpd /goform/setMacFilterCfg formSetMacFilterCfg deviceList Excesso de tampão] |
|---|
| Pontos | 20 |
|---|