Skip to content

Instantly share code, notes, and snippets.

View xyqer1's full-sized avatar

xyqer1

1 follower · 0 following
View GitHub Profile
@xyqer1
xyqer1 / TOTOLINK-N600R-setWanConfig-StackOverflow.md
Last active April 9, 2025 09:39
@xyqer1
xyqer1 / TOTLINK-N600R-setWiFiWpsConfig-StackOverflow.md
Last active April 9, 2025 09:45
@xyqer1
xyqer1 / RE11S_1.11-formiNICbasicREP-StackOverflow.md
Created April 8, 2025 08:59

RE11S_1.11-formiNICbasicREP-StackOverflow

During my internship at Qi An Xin Tiangong Lab, I discovered a stack overflow vulnerability in the RE11S_1.11 router.

By analyzing the webs file in the bin directory, I found that the function formiNICbasicREP contains a stack overflow vulnerability.

The stack overflow can be triggered by the rootAPmac key value, which leads to a sprintf stack overflow.

image-20241224111726349

@xyqer1
xyqer1 / Tenda-AC10-AdvSetMacMtuWan-mac2-StackOverflow.md
Created April 8, 2025 09:05

Tenda-AC10-AdvSetMacMtuWan-mac2-StackOverflow

During my internship at Qi An Xin Tiangong Lab, I discovered a stack overflow vulnerability in the Tenda-AC10 router.

By analyzing the webs file in the bin directory, I found that the function 0x45C380 contains a stack overflow vulnerability.

The stack overflow can be triggered by the mac2 key value, which leads to a strcpy stack overflow.

image-20250110175336927

@xyqer1
xyqer1 / Tenda-AC10-AdvSetMacMtuWan-serverName2-StackOverflow.md
Created April 8, 2025 09:07

Tenda-AC10-AdvSetMacMtuWan-serverName2-StackOverflow

During my internship at Qi An Xin Tiangong Lab, I discovered a stack overflow vulnerability in the Tenda-AC10 router.

By analyzing the webs file in the bin directory, I found that the function 0x45C380 contains a stack overflow vulnerability.

The stack overflow can be triggered by the serverName2 key value, which leads to a strcpy stack overflow.

image-20250110175336927

@xyqer1
xyqer1 / Tenda-AC10-AdvSetMacMtuWan-serviceName2-StackOverflow.md
Last active April 17, 2025 06:54

Tenda-AC10-AdvSetMacMtuWan-wanSpeed2-StackOverflow

Vulnerability Details

  • Affected Firmware: US_AC10V4.0si_V16.03.10.20_cn_TDC01
  • CVE-ID: CVE-2025-25454
  • Root Cause: By analyzing the webs file in the bin directory, I found that the function 0x45C380 contains a stack overflow vulnerability.
  • Impact: Remote unauthenticated attackers can execute arbitrary commands as root.

Vendor Information

@xyqer1
xyqer1 / Tenda-AC10-AdvSetMacMtuWan-wanMTU2-StackOverflow.md
Last active April 17, 2025 06:48

Tenda-AC10-AdvSetMacMtuWan-wanMTU2-StackOverflow

Vulnerability Details

  • Affected Firmware: US_AC10V4.0si_V16.03.10.20_cn_TDC01
  • CVE-ID: CVE-2025-25455
  • Root Cause: By analyzing the webs file in the bin directory, I found that the function 0x45C380 contains a stack overflow vulnerability.
  • Impact: Remote unauthenticated attackers can hijack the program's control flow.

Vendor Information

@xyqer1
xyqer1 / Tenda-AC10-AdvSetMacMtuWan-wanSpeed2-StackOverflow.md
Created April 8, 2025 09:11

Tenda-AC10-AdvSetMacMtuWan-wanSpeed2-StackOverflow

During my internship at Qi An Xin Tiangong Lab, I discovered a stack overflow vulnerability in the Tenda-AC10 router.

By analyzing the webs file in the bin directory, I found that the function 0x45C380 contains a stack overflow vulnerability.

The stack overflow can be triggered by the wanSpeed2 key value, which leads to a strcpy stack overflow.

image-20250110175336927

@xyqer1
xyqer1 / Tenda-AC10-AdvSetMacMtuWan-cloneType2-StackOverflow.md
Last active April 17, 2025 07:58

Tenda-AC10-AdvSetMacMtuWan-cloneType2-StackOverflow

Vulnerability Details

  • Affected Firmware: US_AC10V4.0si_V16.03.10.20_cn_TDC01
  • CVE-ID: CVE-2025-25457
  • Root Cause: By analyzing the webs file in the bin directory, I found that the function 0x45C380 contains a stack overflow vulnerability.
  • Impact: Remote unauthenticated attackers can execute arbitrary commands as root.

Vendor Information

@xyqer1
xyqer1 / Dlink-dir-823x-diag_nslookup-target_addr-CommandInjection.md
Last active April 17, 2025 08:15