by vicarius
log in join community
by @k4m1ll0
19 Jun 2024
#novel_exploit_analysis

An exploitation of a CVE vulnerability that has no prior exploit

publish

Mercusys MW325R EU(V3) (CVE-2023-52162) - exploit

by @k4m1ll0
by @k4m1ll0
19 Jun 2024
#novel_exploit_analysis

An exploitation of a CVE vulnerability that has no prior exploit

publish

Mercusys MW325R EU(V3) (CVE-2023-52162) - exploit

Apps

Tp-Link
Tp-LinkTp-Link
2.0.0.1.*
1.12.*
1.19.*
7.*
7.0.*
1.3.*
2.3.*
2.1.*
2.2.*
1.2.*

PoC video

Summary

Mercusys mw325r EU(V3) - CVE-2023-52162 An authenticated user, by modifying the Access Control List, can add new devices to the whitelist/blacklist. However, the "name" parameter passed is not adequately validated on the server side, resulting in a buffer overflow vulnerability.

general

Description

Tags

#Buffer-Overflow#mercusys#routerhacking#MW325R
users/photos/cllwqrjjj2sk91gn20zmt0wpl.png

@k4m1ll0

6 posts

https://k4m1ll0.com

Total vcoins

6K

Social media links

Comments (0)