Tenda overflow vulnerability
vendor: Tenda
product: G1, G3
version: V15.11.0.17(9502)_CN(G1), V15.11.0.17(9502)_CN(G3)
type: Buffer Overflow
author: Jinwen Zhou, Yifeng Li, Yongjie Zheng
institution: potatso@scnu, feng@scnu, eifiz@scnu
Vulnerability description
We found a buffer overflow vulnerability in the recently released firmware of Tenda's G1 and G3 routers that allows remote attackers to execute arbitrary code via a crafted GET request.
Buffer Overflow vulnerability
In the formDelPortMapping function, the "portMappingIndex" parameter is copied directly with strcpy into a local variable on the stack. An overlong value overwrites the function's return address, causing a buffer overflow.
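The unbounded copy described above, next to a bounds-checked replacement that rejects overlong input instead of truncating it. This is an added example, not Tenda's firmware code; the function names, the 32-byte buffer size and the digits-and-commas format assumed for portMappingIndex are illustrative assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define INDEX_BUF_SIZE 32 /* assumed; the advisory does not state the real size */

/* Pattern from the advisory: request parameter copied with strcpy into a
 * stack buffer. Any value of INDEX_BUF_SIZE bytes or more writes past index[]. */
int del_mapping_unsafe(const char *param) {
    char index[INDEX_BUF_SIZE];
    strcpy(index, param); /* no length check */
    return (int)strlen(index);
}

/* Copies param into out only if it fits (including the NUL) and matches the
 * assumed format: decimal digits and commas. Returns 0 on success, -1 otherwise. */
int copy_index_checked(const char *param, char *out, size_t out_size) {
    size_t len = 0;
    if (param == NULL || out == NULL || out_size == 0) return -1;
    while (param[len] != '\0') {
        char c = param[len];
        if (len + 1 >= out_size) return -1; /* too long: reject, never truncate */
        if (!((c >= '0' && c <= '9') || c == ',')) return -1; /* unexpected byte */
        len++;
    }
    if (len == 0) return -1; /* empty value */
    memcpy(out, param, len + 1);
    return 0;
}

/* Hardened handler shape: validate first, then use the local copy. */
int del_mapping_checked(const char *param) {
    char index[INDEX_BUF_SIZE];
    if (copy_index_checked(param, index, sizeof index) != 0) return -1;
    return (int)strlen(index);
}

int main(void) {
    /* Constructed inputs: two plausible values, a run of 'a', an overlong numeric value. */
    const char *samples[] = { "3", "1,2,10", "aaaaaaaaaaaaaaaaaaaaaaaaa",
                              "12345678901234567890123456789012" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-34s -> %d\n", samples[i], del_mapping_checked(samples[i]));
    return 0;
}
```

The checked handler returns -1 for any value it refuses, so the caller can answer the request with an error instead of processing it.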
PoC
Buffer Overflow
We set the value of portMappingIndex to aaaaaaaaaaaaaaaaaaaaaaaaa…… and this triggers the buffer overflow on the router.