| Название | Tenda AC7 <= Firmware v1.0_v15.03.06.44 RCE |
|---|
| Описание | Vulnerability level: High risk (RCE)
Affected version: Firmware version <= Firmware v1.0_v15.03.06.44
Through the /bin/httpd binary file, we can find the formSetMacFilterCfg function.
The webGetVar program is used to obtain parameters. The parameters of deviceList are directly parsed without any detection
Continue to follow up, the final parameter will be passed to parse_macfilter_rule, strcpy can overflow here to control the return address, here we construct the rop chain to execute system('/bin/sh'), and finally successfully getshell, the attacker can remotely attack |
|---|
| Источник | ⚠️ https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda_AC7%20V1.0_V15.03.06.44%20has%20a%20stack%20overflow%20vulnerability%20in%20parse_macfilter_rule.md |
|---|
| Пользователь | liuchangwei (UID 86561) |
|---|
| Представление | 20.07.2025 17:46 (11 месяцы назад) |
|---|
| Модерация | 22.07.2025 09:16 (2 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 317220 [Tenda AC7 15.03.06.44 httpd /goform/setMacFilterCfg formSetMacFilterCfg deviceList повреждение памяти] |
|---|
| Баллы | 20 |
|---|