Message-ID: <LNXP265MB0571F03236D91A5EDF29E99CA1F50@LNXP265MB0571.GBRP265.PROD.OUTLOOK.COM>
Date: Wed, 14 Feb 2018 22:11:18 +0000
From: Kurtis <kurtis@...usinfosec.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda
 AC15 Router

** Advisory Information

Title: [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router
Blog URL: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
Vendor: Tenda
Date Published: 14/02/2018
CVE: CVE-2018-5767


** Vulnerability Summary

The vulnerability in question is caused by a buffer overflow due to unsanitised user input being passed directly to a call to sscanf.

** Vendor Response

Numerous attempts were made to contact the vendor with no success. Due to the nature of the vulnerability, offsets have been redacted from the post to prevent point and click exploitation.


** Report Timeline

Vulnerability discovered and first reported - 14/1/2018

Second attempt to make contact, further informing the vendor of the severity of the vulnerability - 18/1/2018

CVEs assigned by Mitre.org - 19/1/2018

Livechat attempt to contact vendor - 19/1/2018

Another attempt to contact vendor - 23/1/2018

Further attempt to contact vendor, confirming 5 CVEs had been assigned to their product - 31/1/2018

Final contact attempted & warning of public disclosure - 8/2/2018

Public disclosure - 14/2/2018

** Credit

This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus
Information Security research team.


** References

https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/


** Disclaimer

This advisory is licensed under a Creative Commons Attribution Non-Commercial
Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
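
The Vulnerability Summary above attributes the overflow to unsanitised input reaching sscanf. The following is an added example, not code from the advisory or from the vendor's firmware: it contrasts an unbounded sscanf conversion with a width-limited one that rejects overlong input. The `field=value;` input format, the 63-byte limit and both function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 63                 /* longest value accepted (constructed limit) */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Unsafe pattern: %[^;] has no field width, so sscanf keeps writing until it
 * meets ';' or the end of input, however small dst is. */
int parse_value_unbounded(const char *input, char *dst)
{
    return sscanf(input, "%*[^=]=%[^;]", dst) == 1 ? 0 : -1;
}

/* Hardened form: the width caps the write at VALUE_MAX bytes plus the NUL,
 * and %n reports where parsing stopped so an overlong value is rejected
 * instead of silently truncated.
 * Returns 0 on success, -1 on malformed input, -2 on an overlong value. */
int parse_value_bounded(const char *input, char dst[VALUE_MAX + 1])
{
    int consumed = 0;

    dst[0] = '\0';
    if (sscanf(input, "%*[^=]=%" STR(VALUE_MAX) "[^;]%n", dst, &consumed) != 1)
        return -1;
    /* Parsing must have stopped at ';' or end of string, not at the width cap. */
    if (input[consumed] != '\0' && input[consumed] != ';') {
        dst[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    char value[VALUE_MAX + 1];
    char oversized[256];

    /* Constructed inputs: a normal field and one with a 249-byte value. */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    memcpy(oversized, "field=", 6);

    printf("normal: %d (%s)\n", parse_value_bounded("field=abc123;x", value), value);
    printf("oversized: %d\n", parse_value_bounded(oversized, value));
    return 0;
}
```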
