Google Drive
Gist
Clipboard
vendor:Tenda
product:G1,G3
version:V15.11.0.17(9502)_CN(G1), V15.11.0.17(9502)_CN(G3)
type:Buffer Overflow
author:Jinwen Zhou、Yifeng Li、Yongjie Zheng;
institution:potatso@scnu、feng@scnu、eifiz@scnu
We found a buffer overflow vulnerability in Tenda Technology Tenda's G1 and G3 routers with firmware which was released recently,allows remote attackers to execute arbitrary code from a crafted GET request.
In formIPMacBindDel function, the parameter "IPMacBindIndex" is directly strcpy to a local variable placed on the stack, which overrides the return address of the function, causing buffer overflow.
We set the value of IPMacBindIndex as aaaaaaaaaaaaaaaaaaaaaaaaa…… and the router will cause buffer overflow.
or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Do you want to remove this version name and description?
Syncing
-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
Subscribe