exploit the possibilities

Tenda AC15 Remote Code Execution

Tenda AC15 Remote Code Execution
Posted Feb 16, 2018
Authored by Tim Carrington | Site fidusinfosec.com

Tenda AC15 suffers from a buffer overflow vulnerability that allows for code execution.

tags | advisory, overflow, code execution
advisories | CVE-2018-5767
MD5 | 72acd8ec6104f2a685fa1d83a2a72be2

Tenda AC15 Remote Code Execution

Change Mirror Download
** Advisory Information

Title: [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router
Blog URL: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
Vendor: Tenda
Date Published: 14/02/2018
CVE: CVE-2018-5767


** Vulnerability Summary

The vulnerability in question is caused by a buffer overflow due to unsanitised user input being passed directly to a call to sscanf.

** Vendor Response

Numerous attempts were made to contact the vendor with no success. Due to the nature of the vulnerability, offset's have been redacted from the post to prevent point and click exploitation.


** Report Timeline

Vulnerability discovered and first reported - 14/1/2018

Second attempt to make contact, further informing the vendor of the severity of the vulnerability - 18/1/2018

CVE's assigned by Mitre.org - 19/1/2018

Livechat attempt to contact vendor - 19/1/2018

Another attempt to contact vendor 23/1/2018

Further attempt to contact vendor, confirming 5 CVE's had been assigned to their product - 31/1/2018

Final contact attempted & warning of public disclosure - 8/2/2018

Public disclosure - 14/2/2018

** Credit

This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus
Information Security research team.


** References

https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/


** Disclaimer

This advisory is licensed under a Creative Commons Attribution Non-Commercial
Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/


[https://api.salesflare.com/img/90542021a59e43879370651ba637dd97]


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    10 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close