CVE-2020-8423 PoC — TP-Link TL-WR841N 缓冲区错误漏洞

Source

https://github.com/lnversed/CVE-2020-8423

Associated Vulnerability

Title:TP-Link TL-WR841N 缓冲区错误漏洞 (CVE-2020-8423)
Description:TP-Link TL-WR841N是中国普联（TP-Link）公司的一款无线路由器。使用3.16.9版本固件的TP-Link TL-WR841N V10版本中存在缓冲区错误漏洞。远程攻击者可借助GET请求利用该漏洞执行任意代码。

Description

Research based on https://ktln2.org/2020/03/29/exploiting-mips-router/#testing-environment

Readme

# CVE-2020-8423
Research based on https://ktln2.org/2020/03/29/exploiting-mips-router/#testing-environment
hook.c is customized (especially open())
vmlinux version 2.6.31

File Snapshot


 [4.0K]  /data/pocs/c789b4106205d60691dcef189030a0b1f0b6d19d
├── [ 210]  cmd.txt
├── [ 13K]  hook.c
├── [8.4K]  hook.so
├── [ 171]  README.md
├── [3.4M]  TL-WR841N_V10_150310.zip
└── [4.9M]  vmlinux

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!