TP-Link Archer AX10(EU)_V1.2_230220 Buffer Overflow Vulnerability

Published: 17 Jun 2023 00:00:00
Reported by: Giuseppe Compare
Type: zdt
Source: 0day.today

Buffer Overflow in TP-Link Archer AX10(EU)_V1.2_230220 due to sprintf vulnerability

Related

BDU FSTEC: The vulnerability of TP-Link Archer AX10 router’s microprogramming software lies in the copying of buffers without checking the size of the input data. This allows an attacker to trigger a memory buffer overflow. (30 Jun 2023 00:00)
CNNVD: TP-LINK Archer AX10 security vulnerability (16 Jun 2023 00:00)
CVE: CVE-2023-34832 (16 Jun 2023 00:00)
Cvelist: CVE-2023-34832 (16 Jun 2023 00:00)
EUVD: EUVD-2023-38873 (3 Oct 2025 20:07)
NVD: CVE-2023-34832 (16 Jun 2023 18:15)
OSV: CVE-2023-34832 (16 Jun 2023 18:15)
Prion: Buffer overflow (16 Jun 2023 18:15)
Positive Technologies: PT-2023-3362 · Tp Link · Tp-Link Archer A10 (16 Jun 2023 00:00)
RedhatCVE: CVE-2023-34832 (23 May 2025 03:27)

# Exploit Title: Buffer Overflow in TP-Link Archer AX10(EU)_V1.2_230220
# Exploit Author: Giuseppe Compare
# CVE: CVE-2023-34832
# Vendor Homepage: https://www.tp-link.com/
# Version: TP-Link Archer AX10(EU)_V1.2_230220

Buffer Overflow

There is a buffer overflow in the FUN_131e8 function caused by improper use of sprintf, shown in lines 47-49 below:

memset(&DAT_000283a4,0,0x800);
sprintf(&DAT_000283a4,"echo \'[ %s ] %d: get OCN v6plus rules begin\n \' > /dev/console", "https_get_rules_OCN",0x3c3);
system(&DAT_000283a4);
// lines 47-49
sprintf((char *)&local_428, "https://rule.map.ocn.ad.jp/?ipv6Prefix=%s&ipv6PrefixLength=%d&code=e8mMWklYwaGoHmT05ynqVM4kPqF9rAUnhrWCp1vWvBeSOO0pfpMokg==", param_2 + 0x23, param_2[0x2d]);


The sprintf() function makes no guarantees regarding the length of the generated string, so a sufficiently long string passed as an additional argument could generate a buffer overflow.


Remediation
Guarantee that storage for strings has sufficient space for character data and the null terminator.
Avoid using unsafe functions such as sprintf(); consider using snprintf() or sprintf_s() and variants.
Double check that your buffer is as large as you specify.
Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.
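
The remediation above, sketched as a bounded replacement for the flagged sprintf() call. This is an added example, not code from the advisory or from TP-Link firmware, and it goes beyond the listed steps by also validating the prefix before formatting. Assumptions: the function name build_rules_url, the helper is_ipv6_prefix_text, the 128-byte buffer size and the CODE_PLACEHOLDER query value are all constructed for illustration; the page does not state the real size of local_428.

```c
#include <stdio.h>
#include <string.h>

/* Constructed size for illustration; the real size of local_428 is not on the page. */
#define URL_BUF_SIZE 128

/* Accept only text that can appear in an IPv6 prefix: hex digits and ':'. */
static int is_ipv6_prefix_text(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 39)               /* 39 = longest textual IPv6 address */
        return 0;
    return strspn(s, "0123456789abcdefABCDEF:") == n;
}

/* Bounded URL builder. Returns the URL length, or -1 on bad input or truncation. */
int build_rules_url(char *dst, size_t dst_size, const char *prefix, int prefix_len)
{
    int n;

    if (dst == NULL || dst_size == 0 || prefix == NULL)
        return -1;
    dst[0] = '\0';                      /* never leave stale data on failure */
    if (!is_ipv6_prefix_text(prefix) || prefix_len < 0 || prefix_len > 128)
        return -1;

    n = snprintf(dst, dst_size,
                 "https://rule.map.ocn.ad.jp/?ipv6Prefix=%s&ipv6PrefixLength=%d&code=%s",
                 prefix, prefix_len, "CODE_PLACEHOLDER");
    if (n < 0 || (size_t)n >= dst_size) {   /* encoding error or truncated output */
        dst[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char url[URL_BUF_SIZE];
    char oversized[600];

    memset(oversized, 'a', sizeof oversized - 1);   /* constructed over-long input */
    oversized[sizeof oversized - 1] = '\0';

    printf("valid     -> %d\n", build_rules_url(url, sizeof url, "2001:db8::", 32));
    printf("oversized -> %d\n", build_rules_url(url, sizeof url, oversized, 32));
    return 0;
}
```

Checking snprintf()'s return value against the buffer size matters as much as the size argument itself: without it, a truncated URL is silently used.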

Scores (17 Jun 2023 00:00, current)
Vulners AI Score: 7.1 (High risk)
CVSS 3.1: 9.8
EPSS: 0.00189