ID
VAR-202306-1338
CVE
CVE-2023-34832
TITLE
TP-LINK Archer AX10 Security hole
Trust: 0.6
DESCRIPTION
TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4. # Exploit Title: Buffer Overflow in TP-Link Archer AX10(EU)_V1.2_230220 # Exploit Author: Giuseppe Compare # Date : 26/05/2023 # CVE: CVE-2023-34832 # Vendor Homepage: https://www.tp-link.com/ # Version: TP-Link Archer AX10(EU)_V1.2_230220 Buffer Overflow There is a buffer overflow in the FUN_131e8 function due to using sprintf improperly, detailed in line 47-49 memset(&DAT_000283a4,0,0x800); sprintf(&DAT_000283a4,"echo \'[ %s ] %d: get OCN v6plus rules begin\n \' > /dev/console", "https_get_rules_OCN",0x3c3); system(&DAT_000283a4); //line 47-49 sprintf((char *)&local_428, "https://rule.map.ocn.ad.jp/?ipv6Prefix=%s&ipv6PrefixLength=%d&code=e8mMWklYwaGoHmT05ynqVM4kPqF9rAUnhrWCp1vWvBeSOO0pfpMokg==" ,param_2 + 0x23,param_2[0x2d]); The sprintf() function makes no guarantees regarding the length of the generated string, a sufficiently long string passed as an additional argument could generate a buffer overflow. Remediation Guarantee that storage for strings has sufficient space for character data and the null terminator. Avoid using unsafe functions such as sprintf(), consider using snprintf() or sprintf_s() and variants. Double check that your buffer is as large as you specify. Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space
Trust: 1.08
AFFECTED PRODUCTS
| vendor: | tp link | model: | archer ax10 | scope: | eq | version: | 230220 | Trust: 1.0 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
CONFIGURATIONS
EXTERNAL IDS
| db: | PACKETSTORM | id: | 172989 | Trust: 1.8 |
| db: | NVD | id: | CVE-2023-34832 | Trust: 1.8 |
| db: | CNNVD | id: | CNNVD-202306-1326 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2023-34832 | Trust: 0.1 |
REFERENCES
| url: | https://gist.github.com/jhacker91/2026e080a42514255e758d64b465d1d5 | Trust: 1.7 |
| url: | http://archer.com | Trust: 1.7 |
| url: | http://tp-link.com | Trust: 1.7 |
| url: | http://packetstormsecurity.com/files/172989/tp-link-archer-ax10-eu-_v1.2_230220-buffer-overflow.html | Trust: 1.7 |
| url: | https://cxsecurity.com/cveshow/cve-2023-34832/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://rule.map.ocn.ad.jp/?ipv6prefix=%s&ipv6prefixlength=%d&code=e8mmwklywagohmt05ynqvm4kpqf9raunhrwcp1vwvbesoo0pfpmokg==" | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-34832 | Trust: 0.1 |
| url: | https://www.tp-link.com/ | Trust: 0.1 |
CREDITS
Giuseppe Compare
Trust: 0.1
SOURCES
| db: | VULMON | id: | CVE-2023-34832 |
| db: | PACKETSTORM | id: | 172989 |
| db: | NVD | id: | CVE-2023-34832 |
| db: | CNNVD | id: | CNNVD-202306-1326 |
LAST UPDATE DATE
2023-06-27T03:19:54.396000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2023-34832 | date: | 2023-06-16T00:00:00 |
| db: | NVD | id: | CVE-2023-34832 | date: | 2023-06-23T21:19:00 |
| db: | CNNVD | id: | CNNVD-202306-1326 | date: | 2023-06-25T00:00:00 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2023-34832 | date: | 2023-06-16T00:00:00 |
| db: | PACKETSTORM | id: | 172989 | date: | 2023-06-16T16:35:27 |
| db: | NVD | id: | CVE-2023-34832 | date: | 2023-06-16T18:15:00 |
| db: | CNNVD | id: | CNNVD-202306-1326 | date: | 2023-06-16T00:00:00 |