update some vul
expzhizhuo committed Sep 4, 2023
1 parent d6457eb commit 5bacac2
Showing 552 changed files with 7,538 additions and 0 deletions.
Binary file modified .DS_Store
Binary file not shown.
4 changes: 4 additions & 0 deletions .gitignore
@@ -0,0 +1,4 @@
.DS_Stor
.idea
.vscode
.git
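Review bot: the first entry, `.DS_Stor`, is missing its final `e`, so it does not match `.DS_Store`, and this same commit modifies `.DS_Store` and adds `D_Link_Vuln/.DS_Store`. Correct the pattern to `.DS_Store` and remove the tracked copies from the index; the `.git` entry can be dropped, since Git never tracks its own metadata directory.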
Binary file added D_Link_Vuln/.DS_Store
Binary file not shown.
30 changes: 30 additions & 0 deletions Digging/D-LINK/DIR-645/cmd/1/1.md
@@ -0,0 +1,30 @@
## **0、Vulnerability Introduction**

```
D-link DIR-645 Command Execution Vulnerability
```

## **1、Affected version**

```
dir645_FW_103.bin
```

## **2、Firmware download address**

[legacyfiles.us.dlink.com - /DIR-645/REVA/FIRMWARE/](http://legacyfiles.us.dlink.com/DIR-645/REVA/FIRMWARE/)

## **3、Vulnerability details**

```
In the cgibin file, the "ssdpcgi_main" function retrieves data from the front-end and passes it as a parameter without filtering to the "lxmldbc_system" function for execution, resulting in a command execution vulnerability.
```

https://github.com/XYIYM/Digging/blob/main/D-LINK/DIR-645/cmd/1/upload/image-20230813210630010.png

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```
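Review bot: section 3 names the caller (`ssdpcgi_main`) and the sink (`lxmldbc_system`) but not the source; "data from the front-end" does not say which request field or header reaches the command string, or whether the request needs authentication. Name the input and the call path in text rather than only in the linked screenshot, and add something a defender can act on, such as whether any firmware after `dir645_FW_103.bin` changes this code path.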

36 changes: 36 additions & 0 deletions Digging/Tenda/AC6/bof/10/10.md
@@ -0,0 +1,36 @@
## **0、Vulnerability Introduction**

```
Tenda AC6 stack overflow vulnerability
```

## **1、Affected version**

```
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin
```

## **2、Firmware download address**

[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html)

## **3、Vulnerability details**

```
The function "sub_83AEC" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
```

![image-20230813123150600](upload\image-20230813123150600.png)

![image-20230813123206669](upload\image-20230813123206669.png)

![image-20230813123224788](upload\image-20230813123224788.png)

![image-20230813123247074](upload\image-20230813123247074.png)

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```
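Review bot: the four image links in section 3 use a backslash (`upload\image-20230813123150600.png`), which is not a path separator in a URL, so the screenshots will not resolve when the file is rendered on the web; use `upload/...` instead. Section 3 also identifies the function only as `sub_83AEC`, which looks like a disassembler-generated label, without naming the binary it belongs to; add the binary name and the parameter involved.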

32 changes: 32 additions & 0 deletions Digging/Tenda/AC6/bof/11/11.md
@@ -0,0 +1,32 @@
## **0、Vulnerability Introduction**

```
Tenda AC6 stack overflow vulnerability
```

## **1、Affected version**

```
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin
```

## **2、Firmware download address**

[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html)

## **3、Vulnerability details**

```
In the 'httpd' file, the function "sub_7D858" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
```

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/11/upload/image-20230813124329088.png

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/11/upload/image-20230813124407430.png

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```
## **5、CVE-2023-40848**
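Review bot: the `## **5、CVE-2023-40848**` heading follows the closing fence of section 4 with no blank line between them and has no body, so the CVE ID appears only as a section title. Put a blank line before the heading and add a line under it linking the CVE record, so the mapping from `sub_7D858` to the ID can be checked.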
32 changes: 32 additions & 0 deletions Digging/Tenda/AC6/bof/12/12.md
@@ -0,0 +1,32 @@
## **0、Vulnerability Introduction**

```
Tenda AC6 stack overflow vulnerability
```

## **1、Affected version**

```
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin
```

## **2、Firmware download address**

[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html)

## **3、Vulnerability details**

```
In the 'httpd' file, the function "initIpAddrInfo" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
```

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/12/upload/image-20230813124913734.png

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/12/upload/image-20230813124941619.png

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```
## **5、CVE-2023-40847**
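Review bot: section 3 says the parameter is "passed to the function without any length check" but never names the parameter, the copy routine, or the destination buffer size in `initIpAddrInfo`; the only specifics are in the two linked screenshots. State those three things in text, and either support "easily execute a denial of service attack or remote code execution" with what was observed or narrow the impact claim, since section 4 withholds the reproduction.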
30 changes: 30 additions & 0 deletions Digging/Tenda/AC6/bof/13/13.md
@@ -0,0 +1,30 @@
## **0、Vulnerability Introduction**

```
Tenda AC6 stack overflow vulnerability
```

## **1、Affected version**

```
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin
```

## **2、Firmware download address**

[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html)

## **3、Vulnerability details**

```
The function "wan_lan_same_deal" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
```

![image-20230813125226841](upload\image-20230813125226841.png)

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```
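Review bot: section 1 lists a single firmware file, `US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin`, under "Affected version" without saying whether that is the only build tested or the upper bound of an affected range. Say which it is, and name the binary that contains `wan_lan_same_deal`, which section 3 omits.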

31 changes: 31 additions & 0 deletions Digging/Tenda/AC6/bof/14/14.md
@@ -0,0 +1,31 @@
## **0、Vulnerability Introduction**

```
Tenda AC6 stack overflow vulnerability
```

## **1、Affected version**

```
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin
```

## **2、Firmware download address**

[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html)

## **3、Vulnerability details**

```
In the 'dhttpd' file, the function 'sub_34FD0' contains a stack based buffer overflow vulnerability. In a function, it reads user provided parameters and passes variables to the function without any length checks, which may lead to stack based buffer overflow. Therefore, by requesting a page, attackers can easily execute denial of service attacks or remote code execution using carefully crafted overflow data.
```

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/14/upload/image-20230813125810267.png

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```

## **5、CVE-2023-40845**
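Review bot: section 3 places `sub_34FD0` in the 'dhttpd' file, while the other Tenda AC6 entries added in this commit that name a binary say 'httpd'. If `dhttpd` is a typo, fix it; if it is a separate binary in the same firmware image, say so, because otherwise readers will look for the function in the wrong file.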
34 changes: 34 additions & 0 deletions Digging/Tenda/AC6/bof/2/2.md
@@ -0,0 +1,34 @@
## **0、Vulnerability Introduction**

```
Tenda AC6 stack overflow vulnerability
```

## **1、Affected version**

```
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin
```

## **2、Firmware download address**

[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html)

## **3、Vulnerability details**

```
In the 'httpd' file, the function 'formWifiBasicSet' contains a stack based buffer overflow vulnerability. In a function, it reads user provided parameters and passes variables to the function without any length checks, which may lead to stack based buffer overflow. Therefore, by requesting a page, attackers can easily execute denial of service attacks or remote code execution using carefully crafted overflow data.
```

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/2/upload/image-20230813103647151.png

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/2/upload/image-20230813103708635.png

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/2/upload/image-20230813103724952.png

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```
## **5、CVE-2023-40844**
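Review bot: the three screenshot references in section 3 are bare `https://github.com/XYIYM/Digging/blob/main/...` URLs, so the evidence for `formWifiBasicSet` points at the XYIYM/Digging repository rather than at a path inside this tree (the file is added under `Digging/Tenda/AC6/bof/2/`) and is not embedded in the page. Embed the images with relative links to this file's own `upload/` directory, and credit XYIYM/Digging in the file if the text was imported from there.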
30 changes: 30 additions & 0 deletions Digging/Tenda/AC6/bof/3/3.md
@@ -0,0 +1,30 @@
## **0、Vulnerability Introduction**

```
Tenda AC6 stack overflow vulnerability
```

## **1、Affected version**

```
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin
```

## **2、Firmware download address**

[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html)

## **3、Vulnerability details**

```
The function "formGetParentCtrlList" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
```

![image-20230813104010238](upload\image-20230813104010238.png)

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```
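Review bot: section 4 is titled "Recurring vulnerabilities and POC" but contains only a statement that the exploit is withheld, wrapped in a code fence like the other prose in the file. "Reproduction" is probably the intended word; set the prose outside fences so long lines wrap, and use the section to state what was observed when `formGetParentCtrlList` was exercised (for example a crash of the web service), which needs no exploit detail.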

33 changes: 33 additions & 0 deletions Digging/Tenda/AC6/bof/4/4.md
@@ -0,0 +1,33 @@
## **0、Vulnerability Introduction**

```
Tenda AC6 stack overflow vulnerability
```

## **1、Affected version**

```
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin
```

## **2、Firmware download address**

[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html)

## **3、Vulnerability details**

```
In the 'httpd' file, the function "R7WebsSecurityHandler" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
```

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/4/upload/image-20230813104301766.png

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/4/upload/image-20230813104330977.png

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```

## **5、CVE-2023-40842**
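Review bot: section 3 does not say whether `R7WebsSecurityHandler` is reachable before login. The name suggests it sits in the request authentication path, which would make this a pre-authentication overflow and change the severity considerably; state the authentication requirement explicitly and name the parameter that is copied.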
30 changes: 30 additions & 0 deletions Digging/Tenda/AC6/bof/5/5.md
@@ -0,0 +1,30 @@
## **0、Vulnerability Introduction**

```
Tenda AC6 stack overflow vulnerability
```

## **1、Affected version**

```
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin
```

## **2、Firmware download address**

[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html)

## **3、Vulnerability details**

```
In the 'httpd' file, the function "add_white_node" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
```

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/5/upload/image-20230813104513986.png

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```
## **5、CVE-2023-40841**
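Review bot: sections 1 and 2 identify the firmware only by file name and a vendor download page, so a reader cannot confirm that their copy is the image that was analysed. Add a SHA-256 of `US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin` next to the file name; function names such as `add_white_node` are only meaningful against a pinned build.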
32 changes: 32 additions & 0 deletions Digging/Tenda/AC6/bof/6/6.md
@@ -0,0 +1,32 @@
## **0、Vulnerability Introduction**

```
Tenda AC6 stack overflow vulnerability
```

## **1、Affected version**

```
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin
```

## **2、Firmware download address**

[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html)

## **3、Vulnerability details**

```
In the 'httpd' file, the function "fromGetWirelessRepeat" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
```

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/6/upload/image-20230813104721152.png

https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/6/upload/image-20230813104746352.png

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```
## **5、CVE-2023-40840**
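Review bot: section 3 spells the handler `fromGetWirelessRepeat`, with a `from` prefix where other handlers in this commit use `form` (`formWifiBasicSet`, `formAdvGetLanIp`). Confirm the spelling against the binary's symbol table and say so if it is intentional, since readers will search for this exact string.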
30 changes: 30 additions & 0 deletions Digging/Tenda/AC6/bof/7/7.md
@@ -0,0 +1,30 @@
## **0、Vulnerability Introduction**

```
Tenda AC6 stack overflow vulnerability
```

## **1、Affected version**

```
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin
```

## **2、Firmware download address**

[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html)

## **3、Vulnerability details**

```
The function "formAdvGetLanIp" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
```

![image-20230813105409991](upload\image-20230813105409991.png)

## **4、Recurring vulnerabilities and POC**

```
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
```
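Review bot: the file ends after section 4 with no CVE section and no remediation guidance, and section 3 does not name the binary containing `formAdvGetLanIp`. Add the binary name, state whether a CVE ID has been requested or assigned, and say what an owner of the affected firmware should do in the meantime.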
