Stack Overflow Vulnerability in Tenda AX12 Router
Preface
Tenda official website: https://www.tenda.com.cn/default.html
About Tenda: https://www.tenda.com.cn/profile/contact.html
Firmware download: https://www.tenda.com.cn/download/
Affected version
The picture shows the latest version
Vulnerability Details
The program passes the content of the lanip parameter to v4, and then uses the sscanf function to parse the matched content, through a regular-expression-style format, into the stack variables v20, v21, v22, and v23 without checking its size. This results in a stack overflow vulnerability.
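The unbounded sscanf pattern described above next to a width-limited parser, as an added example that is not code from the firmware or from the original report. The format strings, buffer sizes and function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern of the kind the report describes. "%[^.]" and "%s" carry no field
 * width, so sscanf keeps copying until the next '.' or whitespace, however
 * small the destination is. Format string and sizes are assumptions. */
int parse_lanip_unbounded(const char *lanip)
{
    char a[8], b[8], c[8], d[8];   /* stand-ins for v20..v23 */
    return sscanf(lanip, "%[^.].%[^.].%[^.].%s", a, b, c, d) == 4 ? 0 : -1;
}

/* Hardened form: each conversion has a width one less than its buffer, the
 * scanset admits digits only, a trailing %c detects leftover bytes, and
 * every octet is range-checked. Returns 0 on success, -1 on bad input. */
int parse_lanip_bounded(const char *lanip, unsigned char out[4])
{
    char oct[4][4];
    char extra;
    if (lanip == NULL)
        return -1;
    if (sscanf(lanip, "%3[0-9].%3[0-9].%3[0-9].%3[0-9]%c",
               oct[0], oct[1], oct[2], oct[3], &extra) != 4)
        return -1;
    for (int i = 0; i < 4; i++) {
        long v = strtol(oct[i], NULL, 10);
        if (v > 255)
            return -1;
        out[i] = (unsigned char)v;
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: one valid address, one with an oversized field. */
    char big[512];
    unsigned char ip[4];
    memset(big, '1', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("valid:     %d\n", parse_lanip_bounded("192.168.0.1", ip));
    printf("oversized: %d\n", parse_lanip_bounded(big, ip));
    return 0;
}
```

The unbounded function is shown for comparison only and is never called.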
Vulnerability reproduction and POC
In order to reproduce the vulnerability, the following steps can be followed:
- Use fat to emulate firmware V15.03.2.21_cn
- Attack using the following POC
The picture shows the effect of POC attack