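Related vulnerability
Title: NETGEAR R6700 buffer error vulnerability (CVE-2020-15416)
Description: The NETGEAR R6700 is a wireless router made by the US company NETGEAR. The httpd service in NETGEAR R6700 version V1.0.4.84_10.0.58 contains a buffer error vulnerability: the program does not properly validate the length of user-supplied data before copying it into a fixed-size stack-based buffer. An attacker can exploit this vulnerability to bypass authentication.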
Description
https://www.zerodayinitiative.com/advisories/ZDI-20-712/
Introduction
# R7000_httpd_BOF(CVE-2020-15416)
I demonstrated how to set up a debugging environment using QEMU user mode for the Netgear R7000 WiFi router. Then I provide a walkthrough of an exploit of the Netgear WiFi router httpd buffer overflow vulnerability (CVE-2020-15416). It refers to https://www.zerodayinitiative.com/advisories/ZDI-20-712/.
For the detailed analysis, refer to A_Walkthrough_of_an_Exploit_of_Netgear_WiFi_Router_httpd_Buffer_Overflow_Vulnerability.pdf
File snapshot
[4.0K] /data/pocs/b47943efe4b842c80f63b1a3b8c12f05675968e1
├── [8.9M] A_Walkthrough_of_an_Exploit_of_Netgear_WiFi_Router_httpd_Buffer_Overflow_Vulnerability.pdf
├── [1.6K] exploit_r7000.py
├── [1.8M] httpd
├── [1.8M] httpd_r7000_patch
├── [940K] httpd_RBS40V_EXT-V1.0.0.46_1.0.35
├── [940K] httpd_RBS40V_EXT-V1.0.0.48_1.0.38
├── [ 19K] libnvram-faker.so
├── [4.0K] nvram-faker
│   ├── [ 289] arch.mk
│   ├── [1.0K] buildarm_modify.sh
│   ├── [ 907] buildarm.sh
│   ├── [ 894] buildmipsel.sh
│   ├── [ 862] buildmips.sh
│   ├── [4.0K] contrib
│   │   └── [4.0K] inih
│   │       ├── [4.0K] cpp
│   │       │   ├── [2.0K] INIReader.cpp
│   │       │   ├── [1.9K] INIReader.h
│   │       │   └── [ 648] INIReaderTest.cpp
│   │       ├── [4.0K] examples
│   │       │   ├── [ 152] config.def
│   │       │   ├── [1020] ini_dump.c
│   │       │   ├── [1.1K] ini_example.c
│   │       │   ├── [1.2K] ini_xmacros.c
│   │       │   └── [ 309] test.ini
│   │       ├── [4.0K] extra
│   │       │   └── [ 320] Makefile.static
│   │       ├── [4.9K] ini.c
│   │       ├── [2.3K] ini.h
│   │       ├── [8.7K] ini.o
│   │       ├── [1.5K] LICENSE.txt
│   │       ├── [ 99] Makefile
│   │       ├── [ 183] README.txt
│   │       └── [4.0K] tests
│   │           ├── [ 18] bad_comment.ini
│   │           ├── [ 12] bad_multi.ini
│   │           ├── [ 76] bad_section.ini
│   │           ├── [ 984] baseline_multi.txt
│   │           ├── [ 905] baseline_single.txt
│   │           ├── [ 54] bom.ini
│   │           ├── [ 265] multi_line.ini
│   │           ├── [ 574] normal.ini
│   │           ├── [ 151] unittest.bat
│   │           ├── [1.6K] unittest.c
│   │           └── [ 45] user_error.ini
│   ├── [8.7K] ini.o
│   ├── [ 19K] libnvram-faker.so
│   ├── [1.1K] LICENSE.txt
│   ├── [ 729] Makefile
│   ├── [2.9K] nvram-faker.c
│   ├── [ 119] nvram-faker.h
│   ├── [ 694] nvram-faker-internal.h
│   ├── [ 551] nvram_faker_main.c
│   ├── [8.6K] nvram-faker.o
│   ├── [ 795] nvram.ini
│   └── [2.6K] README.md
├── [3.0K] nvram.ini
├── [ 460] README.md
└── [1019] setupdebuggerenv.txt
7 directories, 52 files