

Zenith: Pwn2Own TP-Link AC1750 Smart Wi-Fi Router Remote Code Execution Vulnerability

Zenith is an exploit I wrote to compromise the TP-Link AC1750 Smart Wi-Fi Router, which was part of the Routers / LAN category in the Pwn2Own Austin 2021 contest. It exploits an integer overflow that results in a heap-buffer overflow in a kmalloc-128 slab cache in the NetUSB driver, which is authored by the KCodes company. The driver listens on the br-lan interface on TCP port 20005 and parses attacker-controlled data. It has been tested against the Archer C7(US)_V5_210519 firmware that was published on Aug (you can find the NetUSB.ko in TP-Link's firmware images). The vulnerability was fixed by TP-Link in January 2022 and was assigned CVE-2022-24354 / ZDI-22-264. I will probably try to do a full write-up of the vulnerability and how I was able to exploit it in an upcoming article on, stay tuned!
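To illustrate the bug class named above (an attacker-supplied length that wraps in 32-bit arithmetic, producing an undersized heap allocation), here is a constructed example that is not NetUSB or KCodes code and does not reproduce the actual driver logic; the header size, bound and function names are assumptions. It places the unchecked size computation beside the overflow-checked form a fix for this class typically takes.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration, not the real NetUSB parser: a length field
 * from the network is added to a fixed header size in 32-bit arithmetic.
 * A huge value wraps the sum to a tiny number, so a small slab object is
 * allocated while the later copy still trusts the original length. */

#define HDR_LEN 17u          /* hypothetical fixed header size (assumption) */
#define MAX_WIRE_LEN 0x10000u /* hypothetical sane upper bound (assumption) */

/* Vulnerable pattern: the sum may wrap to a value far smaller than wire_len. */
static uint32_t unchecked_alloc_size(uint32_t wire_len) {
    return wire_len + HDR_LEN;
}

/* Hardened pattern: reject out-of-range lengths and detect the wrap with
 * __builtin_add_overflow; returns 0 when the request must be refused. */
static uint32_t checked_alloc_size(uint32_t wire_len) {
    uint32_t total;
    if (wire_len > MAX_WIRE_LEN)
        return 0;
    if (__builtin_add_overflow(wire_len, HDR_LEN, &total))
        return 0;
    return total;
}

/* Returns 1 when the unchecked path would allocate fewer bytes than it is
 * about to copy, i.e. the precondition for a heap-buffer overflow. */
static int unchecked_would_overflow(uint32_t wire_len) {
    return unchecked_alloc_size(wire_len) < wire_len;
}

int main(void) {
    uint32_t lens[] = { 100u, 0xFFFFFFF0u };
    for (unsigned i = 0; i < 2; i++) {
        printf("len=0x%08x unchecked=%u checked=%u overflow=%d\n",
               lens[i], unchecked_alloc_size(lens[i]),
               checked_alloc_size(lens[i]), unchecked_would_overflow(lens[i]));
    }
    return 0;
}
```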
