Skip to content

doyensec/exploitable-IoT-solution

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
decompiled_saveParentControlInfo.c
decompiled_saveParentControlInfo.c
 
 
exploit.py
exploit.py
 
 

Repository files navigation

Tenda AC15 CVE-2020-13393 Exploit

Simple exploit for CVE-2020-13393 for the Tenda AC15 on firmware V15.03.05.18_multi.

This exploit was developed as an exercise using EMUX, no guarantee that it works on a real device. Check out our blog post on its development here.

Vulnerability Details

The vulnerability is a stack overflow on the time parameter of the saveParentControlInfo endpoint. Note that the affected endpoint normally requires authentication, but you can abuse CVE-2021-44971 to bypass it.

The repo also contains a decompiled version of the saveParentControlInfo function.

About

!Exploitable IoT Exploit

blog.doyensec.com/2025/02/11/exploitable-iot.html

Topics

iot exploit appsec iot-security tenda

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Languages