Tenda AC15 suffers from a buffer overflow vulnerability that allows for code execution.
72acd8ec6104f2a685fa1d83a2a72be2
** Advisory Information
Title: [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router
Blog URL: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
Vendor: Tenda
Date Published: 14/02/2018
CVE: CVE-2018-5767
** Vulnerability Summary
The vulnerability in question is caused by a buffer overflow due to unsanitised user input being passed directly to a call to sscanf.
** Vendor Response
Numerous attempts were made to contact the vendor with no success. Due to the nature of the vulnerability, offset's have been redacted from the post to prevent point and click exploitation.
** Report Timeline
Vulnerability discovered and first reported - 14/1/2018
Second attempt to make contact, further informing the vendor of the severity of the vulnerability - 18/1/2018
CVE's assigned by Mitre.org - 19/1/2018
Livechat attempt to contact vendor - 19/1/2018
Another attempt to contact vendor 23/1/2018
Further attempt to contact vendor, confirming 5 CVE's had been assigned to their product - 31/1/2018
Final contact attempted & warning of public disclosure - 8/2/2018
Public disclosure - 14/2/2018
** Credit
This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus
Information Security research team.
** References
https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
** Disclaimer
This advisory is licensed under a Creative Commons Attribution Non-Commercial
Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/
[https://api.salesflare.com/img/90542021a59e43879370651ba637dd97]