CVE-2023-46371 PoC — TP-Link TL-WDR7660 缓冲区错误漏洞

Source

https://github.com/Jianchun-Ding/CVE-poc-update

Associated Vulnerability

Title:TP-Link TL-WDR7660 缓冲区错误漏洞 (CVE-2023-46371)
Description:TP-LINK TL-WDR7660是中国普联（TP-LINK）公司的一款千兆路由器。 TP-Link TL-WDR7660 2.0.30版本存在安全漏洞，该漏洞源于upgradeInfoJsonToBin函数存在堆栈溢出。

Description

CVE-2023-46371 and CVE-2023-46527 update

Readme

# CVE-poc-update
CVE-2023-46371 and CVE-2023-46527 update

`CVE-2023-46371`: A new device is discovered containing the same vulnerability:`CVE-2023-46371` vulnerability was discovered on `TP_WR886N 2.0.12` device.TP-Link device `TL-WDR7660 2.0.30` and `TL-WR886N 2.0.12` have a stack overflow vulnerability via the function upgradeInfoJsonToBin.

`CVE-2023-46527`: A new device is discovered containing the same vulnerability:`CVE-2023-46527` vulnerability was discovered on `TL-WDR7660 2.0.30` device. TP-LINK device `TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin` and `TL-WDR7660 2.0.30` were discovered to contain a stack overflow via the function bindRequestHandle.

File Snapshot


 [4.0K]  /data/pocs/ab2ffab684167618da8f10ac74ae71fd377adf22
├── [4.0K]  CVE提交更新
│   ├── [4.0K]  CVE-2023-46371
│   │   ├── [ 504]  CVE-2023-46371.py
│   │   └── [1.4M]  CVE-2023-46371在TP_WR886N_2.0.12上复现.mp4
│   └── [4.0K]  CVE-2023-46527
│       ├── [ 363]  CVE-2023-46527.py
│       └── [1.3M]  CVE-2023-46527在TP_wdr7660_2.0.30复现.mp4
└── [ 673]  README.md

3 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!