Exploits for Tenda Ac8v4 stack-based overflow to Remote-Code Execution via Mipsel Ropping (CVE-2023-33669 - CVE-2023-33675)# Tenda-Ac8v4-PoC
Tenda Ac8v4 Stack-Based Overflow to Remote-Code Execution via execution-flow hijacking & multiple-register manipulation exploitation; CVEs are:
* `CVE-2023-33675`
* `CVE-2023-33673`
* `CVE-2023-33672`
* `CVE-2023-33671`
* `CVE-2023-33670`
* `CVE-2023-33669`
Marked as `N1` - `N7`
## `rop.py`
* make sure you hosted `tftp` on accessible machine; specific it by `args.attacker_host`;
* make sure pre-compiled loader `rs` is hosted in `tftp`;
* reverse-shell connection will be listen in-script.
[4.0K] /data/pocs/7adec821d70b920e2d02abcc14e528429bc850dc
├── [4.0K] cve-reports
│ ├── [4.0K] N1
│ │ ├── [356K] qemu_httpd_20230516-211911_1801.core
│ │ └── [1.4K] README.md
│ ├── [4.0K] N2
│ │ ├── [356K] qemu_httpd_20230516-212051_1817.core
│ │ └── [1.1K] README.md
│ ├── [4.0K] N3
│ │ ├── [360K] qemu_httpd_20230516-212506_1852.core
│ │ └── [1.3K] README.md
│ ├── [4.0K] N4
│ │ ├── [356K] qemu_httpd_20230516-212838_1949.core
│ │ └── [1.3K] README.md
│ ├── [4.0K] N5
│ │ ├── [356K] qemu_httpd_20230516-213000_1966.core
│ │ └── [1.7K] README.md
│ ├── [4.0K] N6
│ │ ├── [356K] qemu_httpd_20230516-213115_1983.core
│ │ └── [1.3K] README.md
│ └── [4.0K] N7
│ ├── [356K] qemu_httpd_20230516-213242_2000.core
│ └── [1.4K] README.md
├── [4.0K] exploit
│ ├── [7.4K] rop.py
│ ├── [658K] rs
│ └── [ 600] rs.c
└── [ 515] README.md
9 directories, 18 files