tags: iot, router, tp-link, stack_overflow, rop
original link: SSD Advisory: TP-LINK VIGI onvif_discovery Overflow
newsletter link: exploits.club Weekly Newsletter 26
Exploits Club Summary:
The SSD Secure Disclosure team released a write-up for a buffer overflow in TP-Link's VIGI security camera. The vulnerability resides in `onvif_discovery`, which listens on port 5001 and is reachable without authentication. The root cause is straightforward: attacker-controlled data is copied from one stack buffer to another, smaller buffer without any bounds checking. The advisory walks through the call stack and shows the reverse engineering (RE) of the code where the vulnerability resides. While it doesn't go in-depth on the exploitation, it provides a full PoC, which looks to do some standard ROP.
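The bug class described above, shown next to the bounds-checked form that prevents it. This is an added example, not code from the advisory or from TP-Link's firmware; the function names and both buffer sizes are hypothetical, since the summary does not give the real ones.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes: the real buffer sizes are not given on this page. */
#define RECV_MAX  512  /* larger stack buffer holding the received message */
#define FIELD_MAX 64   /* smaller stack buffer the data is copied into */

/* Before: copies up to the first NUL, ignoring dst's size. Never called here. */
void copy_unchecked(char *dst, const char *src)
{
    while ((*dst++ = *src++) != '\0')
        ;
}

/* After: copy only if data plus terminator fits; returns bytes copied or -1. */
int copy_checked(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *nul = memchr(src, '\0', src_len);
    size_t n = nul ? (size_t)(nul - src) : src_len;
    if (n >= dst_size)
        return -1;               /* too long: reject rather than truncate */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

/* Handler shape from the summary: large stack buffer, then a smaller one. */
int handle_message(const unsigned char *pkt, size_t pkt_len)
{
    char recv_buf[RECV_MAX];
    char field[FIELD_MAX];
    if (pkt == NULL || pkt_len >= sizeof recv_buf)
        return -1;               /* first copy is length-checked too */
    memcpy(recv_buf, pkt, pkt_len);
    recv_buf[pkt_len] = '\0';
    return copy_checked(field, sizeof field, recv_buf, pkt_len);
}

int main(void)
{
    unsigned char msg[200];      /* constructed oversized input */
    memset(msg, 'A', sizeof msg);
    printf("63 bytes -> %d, 200 bytes -> %d\n",
           handle_message(msg, 63), handle_message(msg, 200));
    return 0;
}
```

Rejecting oversized input outright, instead of silently truncating it, also gives the service a clean point at which to log the malformed request.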