Vulnerability Description

Vendor: Tenda

Product: AC10

Version: US_AC10V4.0si_V16.03.10.09_multi_TDE01

Type: Misconfiguration

Firmware link: https://www.tendacn.com/material/show/104560

Vulnerability Details

Lack of input validation/sanitization in the ate service of the Tenda AC10 V4.0 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the ate service when it is enabled.

When the ate service receives an ifconfig command, it appends the user-supplied data to an ifconfig command line and executes the result, allowing an attacker to inject additional commands.

int __fastcall sub_40A1C0(const char *a1)
{
  char v2[4096]; // [sp+20h] [+20h] BYREF

  memset(v2, 0, sizeof(v2));
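  strcpy(v2, "ifconfig ");
  strcat(v2, a1);    // a1 (user-supplied data from the UDP packet) is appended without validation
  doSystemCmd(v2);   // the combined string is then executed as a command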
  return 0;
}
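
A hardened counterpart to the handler above, added here as an example and not taken from the Tenda firmware or the original report: the argument string is checked against an allowlist, split into an argument vector, and run with execv() so no shell interprets it. The function names, MAX_LEN, MAX_ARGS and the /sbin/ifconfig path are assumptions.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_LEN  128   /* assumed bound on the argument string */
#define MAX_ARGS 8     /* assumed bound on the number of arguments */

/* Return 1 only for a short string made of letters, digits, '.', ':',
 * '_', '-' and spaces; every shell metacharacter is rejected. */
int ifconfig_args_ok(const char *args)
{
    size_t n = args ? strlen(args) : 0;
    if (n == 0 || n > MAX_LEN)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)args[i];
        if (!isalnum(c) && !strchr(".:_- ", c))
            return 0;
    }
    return 1;
}

/* Split buf in place into argv[] for execv(); returns argc, or -1 if too many. */
int split_args(char *buf, char *argv[], int max)
{
    int argc = 0;
    argv[argc++] = "ifconfig";
    for (char *tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        if (argc >= max - 1)
            return -1;
        argv[argc++] = tok;
    }
    argv[argc] = NULL;
    return argc;
}

/* Validate, then execute without a shell. Returns 0 if the child ran, -1 otherwise. */
int run_ifconfig(const char *args)
{
    char buf[MAX_LEN + 1], *argv[MAX_ARGS + 2];
    int status;
    if (!ifconfig_args_ok(args))
        return -1;
    strcpy(buf, args);                       /* safe: length checked above */
    if (split_args(buf, argv, MAX_ARGS + 2) < 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) { execv("/sbin/ifconfig", argv); _exit(127); }
    return (pid > 0 && waitpid(pid, &status, 0) == pid) ? 0 : -1;
}
```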