forked from expzhizhuo/cve_info_data
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d6457eb
commit 5bacac2
Showing
552 changed files
with
7,538 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
.DS_Stor | ||
.idea | ||
.vscode | ||
.git |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
D-link DIR-645 Command Execution Vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
dir645_FW_103.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[legacyfiles.us.dlink.com - /DIR-645/REVA/FIRMWARE/](http://legacyfiles.us.dlink.com/DIR-645/REVA/FIRMWARE/) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
In the cgibin file, the "ssdpcgi_main" function retrieves data from the front-end and passes it as a parameter without filtering to the "lxmldbc_system" function for execution, resulting in a command execution vulnerability. | ||
``` | ||
|
||
https://github.com/XYIYM/Digging/blob/main/D-LINK/DIR-645/cmd/1/upload/image-20230813210630010.png | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
Tenda AC6 stack overflow vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
The function "sub_83AEC" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data. | ||
``` | ||
|
||
![image-20230813123150600](upload\image-20230813123150600.png) | ||
|
||
![image-20230813123206669](upload\image-20230813123206669.png) | ||
|
||
![image-20230813123224788](upload\image-20230813123224788.png) | ||
|
||
![image-20230813123247074](upload\image-20230813123247074.png) | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
Tenda AC6 stack overflow vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
In the 'httpd' file, the function "sub_7D858" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data. | ||
``` | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/11/upload/image-20230813124329088.png | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/11/upload/image-20230813124407430.png | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
## **5、CVE-2023-40848** |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
Tenda AC6 stack overflow vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
In the 'httpd' file, the function "initIpAddrInfo" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data. | ||
``` | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/12/upload/image-20230813124913734.png | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/12/upload/image-20230813124941619.png | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
## **5、CVE-2023-40847** |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
Tenda AC6 stack overflow vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
The function "wan_lan_same_deal" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data. | ||
``` | ||
|
||
![image-20230813125226841](upload\image-20230813125226841.png) | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
Tenda AC6 stack overflow vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
In the 'dhttpd' file, the function 'sub_34FD0' contains a stack based buffer overflow vulnerability. In a function, it reads user provided parameters and passes variables to the function without any length checks, which may lead to stack based buffer overflow. Therefore, by requesting a page, attackers can easily execute denial of service attacks or remote code execution using carefully crafted overflow data. | ||
``` | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/14/upload/image-20230813125810267.png | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
|
||
## **5、CVE-2023-40845** |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
Tenda AC6 stack overflow vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
In the 'httpd' file, the function 'formWifiBasicSet' contains a stack based buffer overflow vulnerability. In a function, it reads user provided parameters and passes variables to the function without any length checks, which may lead to stack based buffer overflow. Therefore, by requesting a page, attackers can easily execute denial of service attacks or remote code execution using carefully crafted overflow data. | ||
``` | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/2/upload/image-20230813103647151.png | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/2/upload/image-20230813103708635.png | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/2/upload/image-20230813103724952.png | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
## **5、CVE-2023-40844** |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
Tenda AC6 stack overflow vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
The function "formGetParentCtrlList" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data. | ||
``` | ||
|
||
![image-20230813104010238](upload\image-20230813104010238.png) | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
Tenda AC6 stack overflow vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
In the 'httpd' file, the function "R7WebsSecurityHandler" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data. | ||
``` | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/4/upload/image-20230813104301766.png | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/4/upload/image-20230813104330977.png | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
|
||
## **5、CVE-2023-40842** |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
Tenda AC6 stack overflow vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
In the 'httpd' file, the function "add_white_node" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data. | ||
``` | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/5/upload/image-20230813104513986.png | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
## **5、CVE-2023-40841** |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
Tenda AC6 stack overflow vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
In the 'httpd' file, the function "fromGetWirelessRepeat" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data. | ||
``` | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/6/upload/image-20230813104721152.png | ||
|
||
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/6/upload/image-20230813104746352.png | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
## **5、CVE-2023-40840** |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
## **0、Vulnerability Introduction** | ||
|
||
``` | ||
Tenda AC6 stack overflow vulnerability | ||
``` | ||
|
||
## **1、Affected version** | ||
|
||
``` | ||
US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin | ||
``` | ||
|
||
## **2、Firmware download address** | ||
|
||
[AC6V1.0升级软件_腾达(Tenda)官方网站](https://www.tenda.com.cn/download/detail-2661.html) | ||
|
||
## **3、Vulnerability details** | ||
|
||
``` | ||
The function "formAdvGetLanIp" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data. | ||
``` | ||
|
||
![image-20230813105409991](upload\image-20230813105409991.png) | ||
|
||
## **4、Recurring vulnerabilities and POC** | ||
|
||
``` | ||
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time. | ||
``` | ||
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.