Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-24488 PoC — Tenda CP3 安全漏洞

Source
https://github.com/minj-ae/CVE-2024-24488
Associated Vulnerability
Title:Tenda CP3 安全漏洞 (CVE-2024-24488)
Description:Tenda CP3是中国腾达(Tenda)公司的一款智能摄像机。 Tenda CP3 V2.0 V11.10.00.2311090948版本存在安全漏洞,该漏洞源于允许本地攻击者通过password组件获取敏感信息。
Description
An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.
Readme
# [CVE-2024-24488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24488)
An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.

# Tested Versions
CP3V2.0 - V11.10.00.2311090948

# CWE
CWE-313: Cleartext Storage in a File or on Disk

## Vulnerability Overview

Devices affected by this vulnerability can access the passwords of WiFi routers they are connected to through a specific file path. The path in question contains a file where sensitive information, including the WiFi router's password, is stored in plaintext.

### Vulnerable File Path

The sensitive information can be found at:

```/app/userdata/ifcfg.wlan0```
File Snapshot

 [4.0K]  /data/pocs/c2c090613692dc3d2e008857e0324a8c5c100d63
├── [4.0K]  app
│   └── [4.0K]  userdata
│       └── [  83]  ifcfg.wlan0
└── [ 730]  README.md

2 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.