Tenda AC15 Remote Code Execution

2018.02.18
Risk: High
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

** Advisory Information

Title: [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router
Blog URL: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
Vendor: Tenda
Date Published: 14/02/2018
CVE: CVE-2018-5767

** Vulnerability Summary

The vulnerability in question is caused by a buffer overflow due to unsanitised user input being passed directly to a call to sscanf.

** Vendor Response

Numerous attempts were made to contact the vendor with no success. Due to the nature of the vulnerability, offsets have been redacted from the post to prevent point and click exploitation.

** Report Timeline

Vulnerability discovered and first reported - 14/1/2018
Second attempt to make contact, further informing the vendor of the severity of the vulnerability - 18/1/2018
CVEs assigned by Mitre.org - 19/1/2018
Livechat attempt to contact vendor - 19/1/2018
Another attempt to contact vendor - 23/1/2018
Further attempt to contact vendor, confirming 5 CVEs had been assigned to their product - 31/1/2018
Final contact attempted & warning of public disclosure - 8/2/2018
Public disclosure - 14/2/2018

** Credit

This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus Information Security research team.

** References

https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/

** Disclaimer

This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/
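
The Vulnerability Summary names unsanitised input reaching sscanf as the root cause. As an added illustration (not code from the advisory or from the Tenda firmware), this C example contrasts a scan set with no field width against a bounded one that rejects oversized values. The `name=value;` input format, the function names and the 63-character limit are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define VALUE_WIDTH 63                 /* max characters accepted for the value */
#define STR_(x) #x
#define STR(x) STR_(x)

/* Unsafe pattern, for contrast only (never called here): "%[^;]" carries no
 * field width, so sscanf copies until ';' or NUL whatever the size of dst. */
int parse_value_unbounded(const char *input, char *dst)
{
    return sscanf(input, "%*[^=]=%[^;]", dst);
}

/* Bounded form. Returns 0 on success, -1 if no "name=value" field is found,
 * -2 if the value is longer than VALUE_WIDTH (rejected, not truncated). */
int parse_value_bounded(const char *input, char dst[VALUE_WIDTH + 1])
{
    int used = 0;

    dst[0] = '\0';
    if (sscanf(input, "%*[^=]=%" STR(VALUE_WIDTH) "[^;]%n", dst, &used) != 1)
        return -1;
    /* If the scan stopped because the width ran out, the next input byte is
     * neither the ';' delimiter nor the terminator: the value was cut short. */
    if (input[used] != ';' && input[used] != '\0') {
        dst[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    char value[VALUE_WIDTH + 1];
    char oversized[512];

    /* Constructed inputs: a normal field and a 400-byte value. */
    memset(oversized, 'A', sizeof oversized);
    memcpy(oversized, "token=", 6);
    oversized[406] = '\0';

    printf("%d\n", parse_value_bounded("token=abc123; lang=en", value));
    printf("%d\n", parse_value_bounded(oversized, value));
    return 0;
}
```

Rejecting an over-long value instead of silently truncating it keeps a partial value from being used in later comparisons.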

