Vulnerabilites related to tendacn - ac9
cve-2020-22079
Vulnerability from cvelistv5
Published
2021-10-29 10:19
Modified
2024-08-04 14:51
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cwe.mitre.org/data/definitions/121.html | x_refsource_MISC | |
| https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11 | x_refsource_MISC | |
| https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:10.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:18:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/121.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"name": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11",
"refsource": "MISC",
"url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"
},
{
"name": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md",
"refsource": "MISC",
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22079",
"datePublished": "2021-10-29T10:19:30",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:51:10.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-14492
Vulnerability from cvelistv5
Published
2018-07-21 12:00
Modified
2024-09-16 18:18
Severity ?
EPSS score ?
Summary
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-21T12:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md",
"refsource": "MISC",
"url": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14492",
"datePublished": "2018-07-21T12:00:00Z",
"dateReserved": "2018-07-21T00:00:00Z",
"dateUpdated": "2024-09-16T18:18:05.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13390
Vulnerability from cvelistv5
Published
2020-05-22 16:07
Modified
2024-08-04 12:18
Severity ?
EPSS score ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://joel-malwarebenchmark.github.io | x_refsource_MISC | |
| https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:36:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13390",
"datePublished": "2020-05-22T16:07:03",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13391
Vulnerability from cvelistv5
Published
2020-05-22 16:06
Modified
2024-08-04 12:18
Severity ?
EPSS score ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://joel-malwarebenchmark.github.io | x_refsource_MISC | |
| https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:37:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13391",
"datePublished": "2020-05-22T16:06:55",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36233
Vulnerability from cvelistv5
Published
2022-08-19 21:31
Modified
2024-08-03 10:00
Severity ?
EPSS score ?
Summary
Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tenda.com | x_refsource_MISC | |
| https://www.cnblogs.com/Amalll/p/16606980.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cnblogs.com/Amalll/p/16606980.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-19T21:31:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cnblogs.com/Amalll/p/16606980.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tenda.com",
"refsource": "MISC",
"url": "http://tenda.com"
},
{
"name": "https://www.cnblogs.com/Amalll/p/16606980.html",
"refsource": "MISC",
"url": "https://www.cnblogs.com/Amalll/p/16606980.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36233",
"datePublished": "2022-08-19T21:31:12",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2024-08-03T10:00:04.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13394
Vulnerability from cvelistv5
Published
2020-05-22 16:06
Modified
2024-08-04 12:18
Severity ?
EPSS score ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://joel-malwarebenchmark.github.io | x_refsource_MISC | |
| https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:43:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13394",
"datePublished": "2020-05-22T16:06:34",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31624
Vulnerability from cvelistv5
Published
2021-10-29 10:25
Modified
2024-08-03 23:03
Severity ?
EPSS score ?
Summary
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tenda.com | x_refsource_MISC | |
| https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-29T10:25:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tenda.com",
"refsource": "MISC",
"url": "http://tenda.com"
},
{
"name": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md",
"refsource": "MISC",
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31624",
"datePublished": "2021-10-29T10:25:47",
"dateReserved": "2021-04-23T00:00:00",
"dateUpdated": "2024-08-03T23:03:33.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13392
Vulnerability from cvelistv5
Published
2020-05-22 16:06
Modified
2024-08-04 12:18
Severity ?
EPSS score ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://joel-malwarebenchmark.github.io | x_refsource_MISC | |
| https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:38:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13392",
"datePublished": "2020-05-22T16:06:47",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40942
Vulnerability from cvelistv5
Published
2023-09-07 00:00
Modified
2024-09-26 17:38
Severity ?
EPSS score ?
Summary
Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac9v3.0br:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9v3.0br",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.42_multi_TD01"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40942",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:34:57.218929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:38:40.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter \u0027firewall_value\u0027 at url /goform/SetFirewallCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-07T14:33:43.109474",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-40942",
"datePublished": "2023-09-07T00:00:00",
"dateReserved": "2023-08-22T00:00:00",
"dateUpdated": "2024-09-26T17:38:40.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16333
Vulnerability from cvelistv5
Published
2018-09-02 03:00
Modified
2024-08-05 10:24
Severity ?
EPSS score ?
Summary
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:31.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-02T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md",
"refsource": "MISC",
"url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16333",
"datePublished": "2018-09-02T03:00:00",
"dateReserved": "2018-09-01T00:00:00",
"dateUpdated": "2024-08-05T10:24:31.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31627
Vulnerability from cvelistv5
Published
2021-10-29 10:32
Modified
2024-08-03 23:03
Severity ?
EPSS score ?
Summary
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tenda.com | x_refsource_MISC | |
| https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-29T10:32:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tenda.com",
"refsource": "MISC",
"url": "http://tenda.com"
},
{
"name": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md",
"refsource": "MISC",
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31627",
"datePublished": "2021-10-29T10:32:17",
"dateReserved": "2021-04-23T00:00:00",
"dateUpdated": "2024-08-03T23:03:33.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13393
Vulnerability from cvelistv5
Published
2020-05-22 16:06
Modified
2024-08-04 12:18
Severity ?
EPSS score ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://joel-malwarebenchmark.github.io | x_refsource_MISC | |
| https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:41:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13393",
"datePublished": "2020-05-22T16:06:41",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16334
Vulnerability from cvelistv5
Published
2018-09-02 03:00
Modified
2024-08-05 10:24
Severity ?
EPSS score ?
Summary
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-02T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md",
"refsource": "MISC",
"url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16334",
"datePublished": "2018-09-02T03:00:00",
"dateReserved": "2018-09-01T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-20746
Vulnerability from cvelistv5
Published
2021-09-30 20:41
Modified
2024-08-04 14:22
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cwe.mitre.org/data/definitions/121.html | x_refsource_MISC | |
| https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/121.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"name": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md",
"refsource": "MISC",
"url": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20746",
"datePublished": "2021-09-30T20:41:27",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:22:25.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13389
Vulnerability from cvelistv5
Published
2020-05-22 16:07
Modified
2024-08-04 12:18
Severity ?
EPSS score ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://joel-malwarebenchmark.github.io | x_refsource_MISC | |
| https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:33:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13389",
"datePublished": "2020-05-22T16:07:10",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-08-19 22:15
Modified
2024-11-21 07:12
Severity ?
Summary
Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://tenda.com | Product | |
| cve@mitre.org | https://www.cnblogs.com/Amalll/p/16606980.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tenda.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cnblogs.com/Amalll/p/16606980.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | 15.03.2.13 | |
| tendacn | ac9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8DEAB5-8E48-4789-A2BA-AB0691D5644D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7871810-DC61-4B96-8C3D-2DA1FE202C91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd."
},
{
"lang": "es",
"value": "Tenda AC9 versi\u00f3n V15.03.2.13, es vulnerable a un desbordamiento del b\u00fafer por medio de httpd, form_fast_setting_wifi_set. httpd."
}
],
"id": "CVE-2022-36233",
"lastModified": "2024-11-21T07:12:38.320",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-19T22:15:09.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://tenda.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cnblogs.com/Amalll/p/16606980.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://tenda.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cnblogs.com/Amalll/p/16606980.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19(6318 _)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras se procesa el deviceId /goform/saveParentControlInfo y los par\u00e1metros de tiempo para una petici\u00f3n POST, un valor es directamente usado en una strcpy para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13393",
"lastModified": "2024-11-21T05:01:10.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19(6318 _)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras se procesa el par\u00e1metro list de /goform/SetNetControlList para una petici\u00f3n POST, un valor es usado directamente en un strcpy para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13394",
"lastModified": "2024-11-21T05:01:10.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.363",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19 (6318_)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras se procesan los par\u00e1metros schedStartTime y schedEndTime de /goform/openSchedWifi para una petici\u00f3n POST, un valor es usado directamente en una strcpy para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13389",
"lastModified": "2024-11-21T05:01:09.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-30 21:15
Modified
2024-11-21 05:12
Severity ?
Summary
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/121.html | Technical Description | |
| cve@mitre.org | https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/121.html | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | 15.03.06.60_en | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.06.60_en:*:*:*:*:*:*:*",
"matchCriteriaId": "90D4EF6F-3B6B-47F4-9093-FE81634DE235",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el servidor httpd en Tenda AC9 versi\u00f3n V15.03.06.60_ES, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (DoS) por medio de una petici\u00f3n POST dise\u00f1ada a /goform/SetStaticRouteCfg"
}
],
"id": "CVE-2020-20746",
"lastModified": "2024-11-21T05:12:16.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-30T21:15:07.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-02 03:29
Modified
2024-11-21 03:52
Severity ?
Summary
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac18_firmware | * | |
| tendacn | ac18 | - | |
| tendacn | ac15_firmware | 15.03.05.19 | |
| tendacn | ac15 | - | |
| tendacn | ac10_firmware | 15.03.06.23 | |
| tendacn | ac10 | - | |
| tendacn | ac9_firmware | 15.03.05.19 | |
| tendacn | ac9 | - | |
| tendacn | ac7_firmware | 15.03.06.44 | |
| tendacn | ac7 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F87AEF-C34D-411D-808F-4A5F60493DA3",
"versionEndIncluding": "15.03.05.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF021B8-0BA1-42C9-A2A4-4B4BF18F8D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDF33B-0D03-492A-BCD1-0E6B79F783EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "C7952445-9298-49B5-9F77-DEF7B18C9483",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE0DA72-D225-4BAE-8813-816AB8F0B3FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5678A346-17EF-4626-BAE4-B1F5C8AFB9CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7871810-DC61-4B96-8C3D-2DA1FE202C91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82F2488A-65A0-4830-A520-979F8E6ADBB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8C8522-F517-4702-828F-D79C803574FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en dispositivos Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN y AC18 V15.03.05.19(6318)_CN. Hay una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del router. Al procesar el par\u00e1metro ssid para una petici\u00f3n POST, el valor se emplea directamente en una llamada sprintf a una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de la funci\u00f3n, provocando un desbordamiento de b\u00fafer."
}
],
"id": "CVE-2018-16333",
"lastModified": "2024-11-21T03:52:32.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-02T03:29:00.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-02 03:29
Modified
2024-11-21 03:52
Severity ?
Summary
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac10_firmware | * | |
| tendacn | ac10 | - | |
| tendacn | ac9_firmware | 15.03.05.19 | |
| tendacn | ac9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "018743D2-3F52-43DF-8C7A-F28139690D53",
"versionEndIncluding": "15.03.06.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE0DA72-D225-4BAE-8813-816AB8F0B3FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5678A346-17EF-4626-BAE4-B1F5C8AFB9CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7871810-DC61-4B96-8C3D-2DA1FE202C91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection."
},
{
"lang": "es",
"value": "\"Se ha descubierto un problema en dispositivos \nTenda AC9 V15.03.05.19(6318)_CN y AC10 V15.03.06.23_CN. El par\u00e1metro mac en una petici\u00f3n POST se emplea directamente en una llamada doSystemCmd, provocando la inyecci\u00f3n de comandos del sistema operativo.\""
}
],
"id": "CVE-2018-16334",
"lastModified": "2024-11-21T03:52:32.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-02T03:29:00.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19 (6318_)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras se procesan las entradas /goform/addressNat y par\u00e1metros mitInterface para una petici\u00f3n POST, un valor es usado directamente en un sprintf para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13390",
"lastModified": "2024-11-21T05:01:09.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.097",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-29 11:15
Modified
2024-11-21 05:13
Severity ?
Summary
Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/121.html | Technical Description | |
| cve@mitre.org | https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11 | Broken Link | |
| cve@mitre.org | https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/121.html | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac10u_firmware | 15.03.06.48_multi_tde01 | |
| tendacn | ac10u | 1.0 | |
| tendacn | ac9_firmware | 15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac9_firmware | 15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.48_multi_tde01:*:*:*:*:*:*:*",
"matchCriteriaId": "79A5D098-A57A-4887-8FAD-6BC8D494C235",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF286BB-A1D3-4E51-AB31-B5A531A8B440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "155D1EC2-F6ED-4D3B-9C4D-CF3265BA80D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "C41D8303-D9CC-4E43-9F6E-5185AD348DD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en el router AC-10U AC1200 de Tenda versi\u00f3n US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro timeZone de goform/SetSysTimeCfg"
}
],
"id": "CVE-2020-22079",
"lastModified": "2024-11-21T05:13:06.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-29T11:15:08.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-07 15:15
Modified
2024-11-21 08:20
Severity ?
Summary
Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | 15.03.06.42_multi_td0 | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.06.42_multi_td0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B8F0DC-1319-4DA8-BAA9-2C6467607E4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter \u0027firewall_value\u0027 at url /goform/SetFirewallCfg."
},
{
"lang": "es",
"value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 se descubri\u00f3 un desbordamiento de pila a trav\u00e9s del par\u00e1metro \u0027firewall_value\u0027 en url /goform/SetFirewallCfg."
}
],
"id": "CVE-2023-40942",
"lastModified": "2024-11-21T08:20:19.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-07T15:15:07.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-29 11:15
Modified
2024-11-21 06:06
Severity ?
Summary
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://tenda.com | Not Applicable | |
| cve@mitre.org | https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tenda.com | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | * | |
| tendacn | ac9 | 3.0 | |
| tendacn | ac9_firmware | * | |
| tendacn | ac9 | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB151239-C968-4822-BC79-E8F44055D3FA",
"versionEndIncluding": "15.03.06.42_multi",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7D423D-053F-47CC-9BD2-676B60BB86DB",
"versionEndIncluding": "15.03.05.19\\(6318\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento del b\u00fafer en Tenda versiones AC9 V1.0 hasta V15.03.05.19(6318), y AC9 V3.0 V15.03.06.42_multi, permite a atacantes ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro urls"
}
],
"id": "CVE-2021-31624",
"lastModified": "2024-11-21T06:06:02.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-29T11:15:08.383",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19(6318 _)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras procesa el par\u00e1metro funcpara1 de /goform/setcfm para una petici\u00f3n POST, un valor es usado directamente en un sprintf para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13392",
"lastModified": "2024-11-21T05:01:10.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-29 11:15
Modified
2024-11-21 06:06
Severity ?
Summary
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://tenda.com | Not Applicable | |
| cve@mitre.org | https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tenda.com | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | * | |
| tendacn | ac9 | 3.0 | |
| tendacn | ac9_firmware | * | |
| tendacn | ac9 | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB151239-C968-4822-BC79-E8F44055D3FA",
"versionEndIncluding": "15.03.06.42_multi",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7D423D-053F-47CC-9BD2-676B60BB86DB",
"versionEndIncluding": "15.03.05.19\\(6318\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento del b\u00fafer en Tenda versiones AC9 V1.0 hasta V15.03.05.19(6318), y AC9 V3.0 V15.03.06.42_multi, permite a atacantes ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro index"
}
],
"id": "CVE-2021-31627",
"lastModified": "2024-11-21T06:06:02.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-29T11:15:08.433",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-21 12:29
Modified
2024-11-21 03:49
Severity ?
Summary
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac7_firmware | * | |
| tendacn | ac7 | - | |
| tendacn | ac9_firmware | * | |
| tendacn | ac9 | - | |
| tendacn | ac10_firmware | * | |
| tendacn | ac10 | - | |
| tendacn | ac15_firmware | * | |
| tendacn | ac15 | - | |
| tendacn | ac18_firmware | * | |
| tendacn | ac18 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FD0F68A-7B1F-47EA-87A4-534F3076EEB6",
"versionEndIncluding": "15.03.06.44_cn",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8C8522-F517-4702-828F-D79C803574FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F518F97C-6E41-4488-BC74-A55D00342473",
"versionEndIncluding": "v15.03.05.19\\(6318\\)_cn",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7871810-DC61-4B96-8C3D-2DA1FE202C91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C539B44-DC11-406C-8AEB-30570A1263B1",
"versionEndIncluding": "15.03.06.23_cn",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE0DA72-D225-4BAE-8813-816AB8F0B3FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85FC79AC-BE8A-481E-9782-C000CB45FAC0",
"versionEndIncluding": "15.03.05.19_cn",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDF33B-0D03-492A-BCD1-0E6B79F783EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B058E65F-5459-42B1-A5EC-A62635C3751A",
"versionEndIncluding": "15.03.05.19\\(6318\\)_cn",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI."
},
{
"lang": "es",
"value": "Los dispositivos Tenda AC7 hasta la versi\u00f3n V15.03.06.44_CN, AC9 hasta la versi\u00f3n V15.03.05.19(6318)_CN y AC10 hasta la versi\u00f3n V15.03.06.23_CN tienen un desbordamiento de b\u00fafer basado en pila mediante unos par\u00e1metros limitSpeed o limitSpeedup largos en un URI /goform sin especificar."
}
],
"id": "CVE-2018-14492",
"lastModified": "2024-11-21T03:49:10.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-21T12:29:00.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19 (6318_)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras se procesa el par\u00e1metro speed_dir de /goform/SetSpeedWan para una petici\u00f3n POST, un valor es usado directamente en un sprintf para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13391",
"lastModified": "2024-11-21T05:01:09.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202110-1080
Vulnerability from variot
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. Tenda AC9 Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC9 is a wireless router from Tenda in China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.06.42_multi"
},
{
"model": "ac9",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.05.19\\(6318\\)"
},
{
"model": "ac9",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "ac9 firmware"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac9",
"scope": "gte",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0,\u003c=v15.03.05.19(6318)"
},
{
"model": "ac9 \u003e=v3.0,\u003c=v15.03.06.42 multi",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84225"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014384"
},
{
"db": "NVD",
"id": "CVE-2021-31627"
}
]
},
"cve": "CVE-2021-31627",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2021-31627",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-84225",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-31627",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-31627",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31627",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-31627",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-84225",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-2209",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-31627",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84225"
},
{
"db": "VULMON",
"id": "CVE-2021-31627"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014384"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2209"
},
{
"db": "NVD",
"id": "CVE-2021-31627"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. Tenda AC9 Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC9 is a wireless router from Tenda in China",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31627"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014384"
},
{
"db": "CNVD",
"id": "CNVD-2021-84225"
},
{
"db": "VULMON",
"id": "CVE-2021-31627"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31627",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014384",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-84225",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2209",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-31627",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84225"
},
{
"db": "VULMON",
"id": "CVE-2021-31627"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014384"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2209"
},
{
"db": "NVD",
"id": "CVE-2021-31627"
}
]
},
"id": "VAR-202110-1080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84225"
}
],
"trust": 1.319222275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84225"
}
]
},
"last_update_date": "2024-08-14T15:01:18.002000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.tenda.com.cn/default.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014384"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014384"
},
{
"db": "NVD",
"id": "CVE-2021-31627"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/lyc-heng/routers/blob/main/routers/stack3.md"
},
{
"trust": 2.3,
"url": "http://tenda.com"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31627"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84225"
},
{
"db": "VULMON",
"id": "CVE-2021-31627"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014384"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2209"
},
{
"db": "NVD",
"id": "CVE-2021-31627"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-84225"
},
{
"db": "VULMON",
"id": "CVE-2021-31627"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014384"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2209"
},
{
"db": "NVD",
"id": "CVE-2021-31627"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-84225"
},
{
"date": "2021-10-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31627"
},
{
"date": "2022-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014384"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-2209"
},
{
"date": "2021-10-29T11:15:08.433000",
"db": "NVD",
"id": "CVE-2021-31627"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-84225"
},
{
"date": "2021-11-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31627"
},
{
"date": "2022-10-17T08:55:00",
"db": "JVNDB",
"id": "JVNDB-2021-014384"
},
{
"date": "2021-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-2209"
},
{
"date": "2021-11-03T12:18:22.917000",
"db": "NVD",
"id": "CVE-2021-31627"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-2209"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda\u00a0AC9\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014384"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-2209"
}
],
"trust": 0.6
}
}
var-201803-2233
Vulnerability from variot
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. Tenda AC9 The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC9 is a wireless router product from Tenda. A stack buffer overflow vulnerability exists in httpd in TendaAC9. A remote attacker could exploit the vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2233",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.6,
"vendor": "tendacn",
"version": "15.03.05.14_en"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.05.14_en"
},
{
"model": "tenda technology co.,ltd. ac9 v15.03.05.14_en",
"scope": null,
"trust": 0.6,
"vendor": "",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04731"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-040"
},
{
"db": "NVD",
"id": "CVE-2018-7561"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tenda:ac9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002524"
}
]
},
"cve": "CVE-2018-7561",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7561",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-04731",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137593",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7561",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7561",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7561",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-04731",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-040",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137593",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04731"
},
{
"db": "VULHUB",
"id": "VHN-137593"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-040"
},
{
"db": "NVD",
"id": "CVE-2018-7561"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. Tenda AC9 The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC9 is a wireless router product from Tenda. A stack buffer overflow vulnerability exists in httpd in TendaAC9. A remote attacker could exploit the vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7561"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002524"
},
{
"db": "CNVD",
"id": "CNVD-2018-04731"
},
{
"db": "VULHUB",
"id": "VHN-137593"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7561",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002524",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-040",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-04731",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-137593",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04731"
},
{
"db": "VULHUB",
"id": "VHN-137593"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-040"
},
{
"db": "NVD",
"id": "CVE-2018-7561"
}
]
},
"id": "VAR-201803-2233",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04731"
},
{
"db": "VULHUB",
"id": "VHN-137593"
}
],
"trust": 1.13844455
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04731"
}
]
},
"last_update_date": "2024-11-23T22:38:14.493000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AC9 / Router / AC1200 Smart Dual-Band Gigabit WiFi Router",
"trust": 0.8,
"url": "http://tendacn.com/en/product/AC9.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002524"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137593"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002524"
},
{
"db": "NVD",
"id": "CVE-2018-7561"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/vuldetailspublication/poc/tree/master/tenda/ac9"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7561"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7561"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04731"
},
{
"db": "VULHUB",
"id": "VHN-137593"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-040"
},
{
"db": "NVD",
"id": "CVE-2018-7561"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04731"
},
{
"db": "VULHUB",
"id": "VHN-137593"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-040"
},
{
"db": "NVD",
"id": "CVE-2018-7561"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04731"
},
{
"date": "2018-03-01T00:00:00",
"db": "VULHUB",
"id": "VHN-137593"
},
{
"date": "2018-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002524"
},
{
"date": "2018-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-040"
},
{
"date": "2018-03-01T15:29:00.213000",
"db": "NVD",
"id": "CVE-2018-7561"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04731"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137593"
},
{
"date": "2018-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002524"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-040"
},
{
"date": "2024-11-21T04:12:22.127000",
"db": "NVD",
"id": "CVE-2018-7561"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-040"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda AC9 Device buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002524"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-040"
}
],
"trust": 0.6
}
}
var-202109-0160
Vulnerability from variot
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg. Tenda AC9 is a router device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.06.60_en"
},
{
"model": "ac9 15.03.06.60 en",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-26248"
},
{
"db": "NVD",
"id": "CVE-2020-20746"
}
]
},
"cve": "CVE-2020-20746",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2020-20746",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2022-26248",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-20746",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-20746",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-26248",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1995",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-26248"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1995"
},
{
"db": "NVD",
"id": "CVE-2020-20746"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg. Tenda AC9 is a router device",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20746"
},
{
"db": "CNVD",
"id": "CNVD-2022-26248"
},
{
"db": "VULMON",
"id": "CVE-2020-20746"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-20746",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2022-26248",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1995",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-20746",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-26248"
},
{
"db": "VULMON",
"id": "CVE-2020-20746"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1995"
},
{
"db": "NVD",
"id": "CVE-2020-20746"
}
]
},
"id": "VAR-202109-0160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-26248"
}
],
"trust": 1.319222275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-26248"
}
]
},
"last_update_date": "2024-08-14T15:22:10.317000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-20746"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md"
},
{
"trust": 1.6,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-20746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-26248"
},
{
"db": "VULMON",
"id": "CVE-2020-20746"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1995"
},
{
"db": "NVD",
"id": "CVE-2020-20746"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-26248"
},
{
"db": "VULMON",
"id": "CVE-2020-20746"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1995"
},
{
"db": "NVD",
"id": "CVE-2020-20746"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-26248"
},
{
"date": "2021-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20746"
},
{
"date": "2021-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1995"
},
{
"date": "2021-09-30T21:15:07.960000",
"db": "NVD",
"id": "CVE-2020-20746"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-26248"
},
{
"date": "2021-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-20746"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1995"
},
{
"date": "2022-09-14T20:33:58.687000",
"db": "NVD",
"id": "CVE-2020-20746"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1995"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda AC9 Buffer Overflow Vulnerability (CNVD-2022-26248)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-26248"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1995"
}
],
"trust": 0.6
}
}
var-202208-1445
Vulnerability from variot
Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd. Tenda of AC9 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC9 is a wireless router from the Chinese company Tenda. An authenticated local attacker could exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1445",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.2.13"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "ac9 firmware 15.03.2.13"
},
{
"model": "ac9",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v15.03.2.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75822"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014941"
},
{
"db": "NVD",
"id": "CVE-2022-36233"
}
]
},
"cve": "CVE-2022-36233",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-75822",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-36233",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-36233",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-36233",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-36233",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2022-75822",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3593",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75822"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014941"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3593"
},
{
"db": "NVD",
"id": "CVE-2022-36233"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd. Tenda of AC9 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC9 is a wireless router from the Chinese company Tenda. An authenticated local attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36233"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014941"
},
{
"db": "CNVD",
"id": "CNVD-2022-75822"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-36233",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014941",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-75822",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3593",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75822"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014941"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3593"
},
{
"db": "NVD",
"id": "CVE-2022-36233"
}
]
},
"id": "VAR-202208-1445",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75822"
}
],
"trust": 1.03844455
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75822"
}
]
},
"last_update_date": "2024-08-14T14:49:39.847000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014941"
},
{
"db": "NVD",
"id": "CVE-2022-36233"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://tenda.com"
},
{
"trust": 2.4,
"url": "https://www.cnblogs.com/amalll/p/16606980.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36233"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-36233/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-75822"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014941"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3593"
},
{
"db": "NVD",
"id": "CVE-2022-36233"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-75822"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014941"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3593"
},
{
"db": "NVD",
"id": "CVE-2022-36233"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-75822"
},
{
"date": "2023-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014941"
},
{
"date": "2022-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3593"
},
{
"date": "2022-08-19T22:15:09.110000",
"db": "NVD",
"id": "CVE-2022-36233"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-75822"
},
{
"date": "2023-09-22T08:26:00",
"db": "JVNDB",
"id": "JVNDB-2022-014941"
},
{
"date": "2022-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3593"
},
{
"date": "2022-08-21T03:32:01.793000",
"db": "NVD",
"id": "CVE-2022-36233"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3593"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda\u00a0 of \u00a0AC9\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3593"
}
],
"trust": 0.6
}
}
var-202005-0456
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0456",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.06.42_multi"
},
{
"model": "ac6",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac18",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac15",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac15",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "v1.0 15.03.05.19_multi_td01"
},
{
"model": "ac18",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.05.19(6318_)_cn"
},
{
"model": "ac6",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "v1.0 15.03.05.19_multi_td01"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "v1.0 15.03.05.19(6318)_cn"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "v3.0 15.03.06.42_multi"
},
{
"model": "ac6 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac9 v15.03.06.42 multi",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v3.0"
},
{
"model": "ac15 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac9 v15.03.05.19 cn",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac18 ) cn",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v15.03.05.19(6318"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31387"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005758"
},
{
"db": "NVD",
"id": "CVE-2020-13390"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tenda:ac15_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tenda:ac18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tenda:ac6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tenda:ac9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005758"
}
]
},
"cve": "CVE-2020-13390",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-13390",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005758",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-31387",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-13390",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005758",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13390",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005758",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-31387",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1140",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31387"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005758"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1140"
},
{
"db": "NVD",
"id": "CVE-2020-13390"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13390"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005758"
},
{
"db": "CNVD",
"id": "CNVD-2020-31387"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13390",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005758",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-31387",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1140",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31387"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005758"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1140"
},
{
"db": "NVD",
"id": "CVE-2020-13390"
}
]
},
"id": "VAR-202005-0456",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31387"
}
],
"trust": 1.38075707625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31387"
}
]
},
"last_update_date": "2024-11-23T22:29:37.793000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.tenda.com.cn/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005758"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005758"
},
{
"db": "NVD",
"id": "CVE-2020-13390"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-tenda-vulnerability/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13390"
},
{
"trust": 1.6,
"url": "https://joel-malwarebenchmark.github.io"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13390"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31387"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005758"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1140"
},
{
"db": "NVD",
"id": "CVE-2020-13390"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-31387"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005758"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1140"
},
{
"db": "NVD",
"id": "CVE-2020-13390"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31387"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005758"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1140"
},
{
"date": "2020-05-22T17:15:11.097000",
"db": "NVD",
"id": "CVE-2020-13390"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31387"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005758"
},
{
"date": "2020-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1140"
},
{
"date": "2024-11-21T05:01:09.810000",
"db": "NVD",
"id": "CVE-2020-13390"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1140"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Tenda Classic buffer overflow vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005758"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1140"
}
],
"trust": 0.6
}
}
var-202005-0458
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0458",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.06.42_multi"
},
{
"model": "ac6",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac18",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac15",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac15",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac18",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac6",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac9",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac6 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac9 v15.03.06.42 multi",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v3.0"
},
{
"model": "ac15 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac9 v15.03.05.19 cn",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac18 ) cn",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v15.03.05.19(6318"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31407"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005746"
},
{
"db": "NVD",
"id": "CVE-2020-13392"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tendacn:ac15_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005746"
}
]
},
"cve": "CVE-2020-13392",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-13392",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005746",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-31407",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-13392",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005746",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13392",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005746",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-31407",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1142",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-13392",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31407"
},
{
"db": "VULMON",
"id": "CVE-2020-13392"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005746"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1142"
},
{
"db": "NVD",
"id": "CVE-2020-13392"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13392"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005746"
},
{
"db": "CNVD",
"id": "CNVD-2020-31407"
},
{
"db": "VULMON",
"id": "CVE-2020-13392"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13392",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005746",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-31407",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1142",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-13392",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31407"
},
{
"db": "VULMON",
"id": "CVE-2020-13392"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005746"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1142"
},
{
"db": "NVD",
"id": "CVE-2020-13392"
}
]
},
"id": "VAR-202005-0458",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31407"
}
],
"trust": 1.38075707625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31407"
}
]
},
"last_update_date": "2024-11-23T22:16:28.744000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://tendacn.com/en"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005746"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005746"
},
{
"db": "NVD",
"id": "CVE-2020-13392"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-tenda-vulnerability/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13392"
},
{
"trust": 1.7,
"url": "https://joel-malwarebenchmark.github.io"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13392"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31407"
},
{
"db": "VULMON",
"id": "CVE-2020-13392"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005746"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1142"
},
{
"db": "NVD",
"id": "CVE-2020-13392"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-31407"
},
{
"db": "VULMON",
"id": "CVE-2020-13392"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005746"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1142"
},
{
"db": "NVD",
"id": "CVE-2020-13392"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31407"
},
{
"date": "2020-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13392"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005746"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1142"
},
{
"date": "2020-05-22T17:15:11.237000",
"db": "NVD",
"id": "CVE-2020-13392"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31407"
},
{
"date": "2020-05-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13392"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005746"
},
{
"date": "2020-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1142"
},
{
"date": "2024-11-21T05:01:10.107000",
"db": "NVD",
"id": "CVE-2020-13392"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1142"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Tenda Classic buffer overflow vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005746"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1142"
}
],
"trust": 0.6
}
}
var-201809-0930
Vulnerability from variot
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. plural Tenda Product Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Tenda AC7, etc. are all wireless router products of China Tenda. An attacker can use this vulnerability to cause a denial of service. The following products and versions are affected: Tenda AC7 15.03.06.44_CN Version; AC9 15.03.05.19(6318)_CN Version; AC10 15.03.06.23_CN Version; AC15 15.03.05.19_CN Version; AC18 15.03.05.19(6318)_CN Version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0930",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac10",
"scope": "eq",
"trust": 1.6,
"vendor": "tendacn",
"version": "15.03.06.23"
},
{
"model": "ac15",
"scope": "eq",
"trust": 1.6,
"vendor": "tendacn",
"version": "15.03.05.19"
},
{
"model": "ac9",
"scope": "eq",
"trust": 1.6,
"vendor": "tendacn",
"version": "15.03.05.19"
},
{
"model": "ac7",
"scope": "eq",
"trust": 1.6,
"vendor": "tendacn",
"version": "15.03.06.44"
},
{
"model": "ac18",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.05.19"
},
{
"model": "ac10",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.06.23_cn"
},
{
"model": "ac15",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.05.19_cn"
},
{
"model": "ac18",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.05.19(6318)_cn"
},
{
"model": "ac7",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.06.44_cn"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.05.19(6318)_cn"
},
{
"model": "ac9 15.03.05.19 cn",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
},
{
"model": "ac7 15.03.06.44 cn",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
},
{
"model": "ac10 15.03.06.23 cn",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
},
{
"model": "ac15 15.03.05.19 cn",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
},
{
"model": "ac18 15.03.05.19 cn",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
},
{
"model": "ac18",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "15.03.05.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35175"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009403"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-036"
},
{
"db": "NVD",
"id": "CVE-2018-16333"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tendacn:ac10_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac15_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac7_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009403"
}
]
},
"cve": "CVE-2018-16333",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-16333",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-35175",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-126682",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-16333",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16333",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-16333",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-35175",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-036",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-126682",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-16333",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35175"
},
{
"db": "VULHUB",
"id": "VHN-126682"
},
{
"db": "VULMON",
"id": "CVE-2018-16333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009403"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-036"
},
{
"db": "NVD",
"id": "CVE-2018-16333"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. plural Tenda Product Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Tenda AC7, etc. are all wireless router products of China Tenda. An attacker can use this vulnerability to cause a denial of service. The following products and versions are affected: Tenda AC7 15.03.06.44_CN Version; AC9 15.03.05.19(6318)_CN Version; AC10 15.03.06.23_CN Version; AC15 15.03.05.19_CN Version; AC18 15.03.05.19(6318)_CN Version",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009403"
},
{
"db": "CNVD",
"id": "CNVD-2020-35175"
},
{
"db": "VULHUB",
"id": "VHN-126682"
},
{
"db": "VULMON",
"id": "CVE-2018-16333"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16333",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009403",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-036",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-35175",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-126682",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-16333",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35175"
},
{
"db": "VULHUB",
"id": "VHN-126682"
},
{
"db": "VULMON",
"id": "CVE-2018-16333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009403"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-036"
},
{
"db": "NVD",
"id": "CVE-2018-16333"
}
]
},
"id": "VAR-201809-0930",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35175"
},
{
"db": "VULHUB",
"id": "VHN-126682"
}
],
"trust": 1.4236169144444446
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35175"
}
]
},
"last_update_date": "2024-11-23T22:38:03.789000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.tenda.com.cn/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/kal1x/iotvulhub "
},
{
"title": "Routers",
"trust": 0.1,
"url": "https://github.com/ZIllR0/Routers "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-16333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009403"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126682"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009403"
},
{
"db": "NVD",
"id": "CVE-2018-16333"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/zillr0/routers/blob/master/tenda/oob1.md"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16333"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16333"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/kal1x/iotvulhub"
},
{
"trust": 0.1,
"url": "https://github.com/zillr0/routers"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35175"
},
{
"db": "VULHUB",
"id": "VHN-126682"
},
{
"db": "VULMON",
"id": "CVE-2018-16333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009403"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-036"
},
{
"db": "NVD",
"id": "CVE-2018-16333"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-35175"
},
{
"db": "VULHUB",
"id": "VHN-126682"
},
{
"db": "VULMON",
"id": "CVE-2018-16333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009403"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-036"
},
{
"db": "NVD",
"id": "CVE-2018-16333"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35175"
},
{
"date": "2018-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-126682"
},
{
"date": "2018-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16333"
},
{
"date": "2018-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009403"
},
{
"date": "2018-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-036"
},
{
"date": "2018-09-02T03:29:00.620000",
"db": "NVD",
"id": "CVE-2018-16333"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35175"
},
{
"date": "2018-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-126682"
},
{
"date": "2018-10-25T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16333"
},
{
"date": "2018-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009403"
},
{
"date": "2018-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-036"
},
{
"date": "2024-11-21T03:52:32.530000",
"db": "NVD",
"id": "CVE-2018-16333"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-036"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Tenda Product buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009403"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-036"
}
],
"trust": 0.6
}
}
var-202005-0457
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0457",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.06.42_multi"
},
{
"model": "ac6",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac18",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac15",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac15",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac18",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac6",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac9",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac6 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac9 v15.03.06.42 multi",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v3.0"
},
{
"model": "ac15 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac9 v15.03.05.19 cn",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac18 ) cn",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v15.03.05.19(6318"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31397"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005745"
},
{
"db": "NVD",
"id": "CVE-2020-13391"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tendacn:ac15_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005745"
}
]
},
"cve": "CVE-2020-13391",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-13391",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005745",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-31397",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-13391",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005745",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13391",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005745",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-31397",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1141",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-13391",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31397"
},
{
"db": "VULMON",
"id": "CVE-2020-13391"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005745"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1141"
},
{
"db": "NVD",
"id": "CVE-2020-13391"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13391"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005745"
},
{
"db": "CNVD",
"id": "CNVD-2020-31397"
},
{
"db": "VULMON",
"id": "CVE-2020-13391"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13391",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005745",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-31397",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1141",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-13391",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31397"
},
{
"db": "VULMON",
"id": "CVE-2020-13391"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005745"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1141"
},
{
"db": "NVD",
"id": "CVE-2020-13391"
}
]
},
"id": "VAR-202005-0457",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31397"
}
],
"trust": 1.38075707625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31397"
}
]
},
"last_update_date": "2024-11-23T22:41:05.729000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://tendacn.com/en"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005745"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005745"
},
{
"db": "NVD",
"id": "CVE-2020-13391"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-tenda-vulnerability/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13391"
},
{
"trust": 1.7,
"url": "https://joel-malwarebenchmark.github.io"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13391"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31397"
},
{
"db": "VULMON",
"id": "CVE-2020-13391"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005745"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1141"
},
{
"db": "NVD",
"id": "CVE-2020-13391"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-31397"
},
{
"db": "VULMON",
"id": "CVE-2020-13391"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005745"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1141"
},
{
"db": "NVD",
"id": "CVE-2020-13391"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31397"
},
{
"date": "2020-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13391"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005745"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1141"
},
{
"date": "2020-05-22T17:15:11.177000",
"db": "NVD",
"id": "CVE-2020-13391"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31397"
},
{
"date": "2020-05-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13391"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005745"
},
{
"date": "2020-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1141"
},
{
"date": "2024-11-21T05:01:09.953000",
"db": "NVD",
"id": "CVE-2020-13391"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1141"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Tenda Classic buffer overflow vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005745"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1141"
}
],
"trust": 0.6
}
}
var-202005-0455
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0455",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.06.42_multi"
},
{
"model": "ac6",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac18",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac15",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac15",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "v1.0 15.03.05.19_multi_td01"
},
{
"model": "ac18",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.05.19(6318_)_cn"
},
{
"model": "ac6",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "v1.0 15.03.05.19_multi_td01"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "v1.0 15.03.05.19(6318)_cn"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "v3.0 15.03.06.42_multi"
},
{
"model": "ac6 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0v15.03.05.19(6318)"
},
{
"model": "ac9 v15.03.06.42 multi",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v3.0"
},
{
"model": "ac15 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac18",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v15.03.05.19(6318)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31386"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005757"
},
{
"db": "NVD",
"id": "CVE-2020-13389"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tenda:ac15_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tenda:ac18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tenda:ac6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tenda:ac9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005757"
}
]
},
"cve": "CVE-2020-13389",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-13389",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005757",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-31386",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-13389",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005757",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13389",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005757",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-31386",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1139",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-13389",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31386"
},
{
"db": "VULMON",
"id": "CVE-2020-13389"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005757"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1139"
},
{
"db": "NVD",
"id": "CVE-2020-13389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13389"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005757"
},
{
"db": "CNVD",
"id": "CNVD-2020-31386"
},
{
"db": "VULMON",
"id": "CVE-2020-13389"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13389",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005757",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-31386",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1139",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-13389",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31386"
},
{
"db": "VULMON",
"id": "CVE-2020-13389"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005757"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1139"
},
{
"db": "NVD",
"id": "CVE-2020-13389"
}
]
},
"id": "VAR-202005-0455",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31386"
}
],
"trust": 1.3076761016666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31386"
}
]
},
"last_update_date": "2024-11-23T22:48:00.116000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.tenda.com.cn/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005757"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005757"
},
{
"db": "NVD",
"id": "CVE-2020-13389"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-tenda-vulnerability/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13389"
},
{
"trust": 1.7,
"url": "https://joel-malwarebenchmark.github.io"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13389"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31386"
},
{
"db": "VULMON",
"id": "CVE-2020-13389"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005757"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1139"
},
{
"db": "NVD",
"id": "CVE-2020-13389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-31386"
},
{
"db": "VULMON",
"id": "CVE-2020-13389"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005757"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1139"
},
{
"db": "NVD",
"id": "CVE-2020-13389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31386"
},
{
"date": "2020-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13389"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005757"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1139"
},
{
"date": "2020-05-22T17:15:11.033000",
"db": "NVD",
"id": "CVE-2020-13389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31386"
},
{
"date": "2020-05-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13389"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005757"
},
{
"date": "2020-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1139"
},
{
"date": "2024-11-21T05:01:09.660000",
"db": "NVD",
"id": "CVE-2020-13389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1139"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Tenda Classic buffer overflow vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005757"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1139"
}
],
"trust": 0.6
}
}
var-201809-0931
Vulnerability from variot
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. Tenda AC9 and AC10 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC9 is a wireless router product from Tenda. The operating system command injection vulnerability exists in TendaAC915.03.05.19 (6318)_CN version and AC1015.03.06.23_CN version and previous versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0931",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.6,
"vendor": "tendacn",
"version": "15.03.05.19"
},
{
"model": "ac10",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.06.23"
},
{
"model": "ac10",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.06.23_cn"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.05.19(6318)_cn"
},
{
"model": "ac10 \u003c=15.03.06.23 cn",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
},
{
"model": "ac9 15.03.05.19 cn",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
},
{
"model": "ac10",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "15.03.06.23"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19080"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009402"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-035"
},
{
"db": "NVD",
"id": "CVE-2018-16334"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tendacn:ac10_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009402"
}
]
},
"cve": "CVE-2018-16334",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-16334",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-19080",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-126683",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-16334",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16334",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-16334",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-19080",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-035",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-126683",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19080"
},
{
"db": "VULHUB",
"id": "VHN-126683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009402"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-035"
},
{
"db": "NVD",
"id": "CVE-2018-16334"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. Tenda AC9 and AC10 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC9 is a wireless router product from Tenda. The operating system command injection vulnerability exists in TendaAC915.03.05.19 (6318)_CN version and AC1015.03.06.23_CN version and previous versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009402"
},
{
"db": "CNVD",
"id": "CNVD-2018-19080"
},
{
"db": "VULHUB",
"id": "VHN-126683"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16334",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009402",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-035",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-19080",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-126683",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19080"
},
{
"db": "VULHUB",
"id": "VHN-126683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009402"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-035"
},
{
"db": "NVD",
"id": "CVE-2018-16334"
}
]
},
"id": "VAR-201809-0931",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19080"
},
{
"db": "VULHUB",
"id": "VHN-126683"
}
],
"trust": 1.3762350424999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19080"
}
]
},
"last_update_date": "2024-11-23T22:12:20.639000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.tenda.com.cn/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009402"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009402"
},
{
"db": "NVD",
"id": "CVE-2018-16334"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16334"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16334"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19080"
},
{
"db": "VULHUB",
"id": "VHN-126683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009402"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-035"
},
{
"db": "NVD",
"id": "CVE-2018-16334"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-19080"
},
{
"db": "VULHUB",
"id": "VHN-126683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009402"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-035"
},
{
"db": "NVD",
"id": "CVE-2018-16334"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19080"
},
{
"date": "2018-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-126683"
},
{
"date": "2018-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009402"
},
{
"date": "2018-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-035"
},
{
"date": "2018-09-02T03:29:00.760000",
"db": "NVD",
"id": "CVE-2018-16334"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19080"
},
{
"date": "2018-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-126683"
},
{
"date": "2018-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009402"
},
{
"date": "2018-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-035"
},
{
"date": "2024-11-21T03:52:32.727000",
"db": "NVD",
"id": "CVE-2018-16334"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-035"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda AC9 and AC10 In the device OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009402"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-035"
}
],
"trust": 0.6
}
}
var-202005-0460
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0460",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.06.42_multi"
},
{
"model": "ac6",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac18",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac15",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac15",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac18",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac6",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac9",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac6 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0v15.03.05.19(6318)"
},
{
"model": "ac9 v15.03.06.42 multi",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v3.0"
},
{
"model": "ac15 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac18",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v15.03.05.19(6318)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005748"
},
{
"db": "NVD",
"id": "CVE-2020-13394"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tendacn:ac15_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005748"
}
]
},
"cve": "CVE-2020-13394",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-13394",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005748",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-31409",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-13394",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005748",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13394",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005748",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-31409",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1144",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005748"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1144"
},
{
"db": "NVD",
"id": "CVE-2020-13394"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13394"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005748"
},
{
"db": "CNVD",
"id": "CNVD-2020-31409"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13394",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005748",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-31409",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1144",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005748"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1144"
},
{
"db": "NVD",
"id": "CVE-2020-13394"
}
]
},
"id": "VAR-202005-0460",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31409"
}
],
"trust": 1.3076761016666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31409"
}
]
},
"last_update_date": "2024-11-23T22:58:17.264000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://tendacn.com/en"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005748"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005748"
},
{
"db": "NVD",
"id": "CVE-2020-13394"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-tenda-vulnerability/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13394"
},
{
"trust": 1.6,
"url": "https://joel-malwarebenchmark.github.io"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13394"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005748"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1144"
},
{
"db": "NVD",
"id": "CVE-2020-13394"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-31409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005748"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1144"
},
{
"db": "NVD",
"id": "CVE-2020-13394"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31409"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005748"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1144"
},
{
"date": "2020-05-22T17:15:11.363000",
"db": "NVD",
"id": "CVE-2020-13394"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31409"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005748"
},
{
"date": "2020-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1144"
},
{
"date": "2024-11-21T05:01:10.413000",
"db": "NVD",
"id": "CVE-2020-13394"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1144"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Tenda Classic buffer overflow vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005748"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1144"
}
],
"trust": 0.6
}
}
var-201807-1285
Vulnerability from variot
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Tenda AC7 , AC9 ,and AC10 Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7, AC9 and AC10 are all wireless router products from Tenda. A buffer overflow vulnerability exists in TendaAC715.03.06.44_CN and previous versions, AC915.03.05.19 (6318)_CN and previous versions, and AC1015.03.06.23_CN and earlier. An attacker could exploit the vulnerability with a longer \342\200\230limitSpeed\342\200\231 or \342\200\230limitSpeedup\342\200\231 parameter to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1285",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac18",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.05.19\\(6318\\)_cn"
},
{
"model": "ac7",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.06.44_cn"
},
{
"model": "ac10",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.06.23_cn"
},
{
"model": "ac9",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)_cn"
},
{
"model": "ac15",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.05.19_cn"
},
{
"model": "ac10",
"scope": "lte",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.06.23_cn"
},
{
"model": "ac15",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac18",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac7",
"scope": "lte",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.06.44_cn"
},
{
"model": "ac9",
"scope": "lte",
"trust": 0.8,
"vendor": "tenda",
"version": "15.03.05.19(6318)_cn"
},
{
"model": "ac7 \u003c=15.03.06.44 cn",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
},
{
"model": "ac10 \u003c=15.03.06.23 cn",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
},
{
"model": "ac9 \u003c=15.03.05.19 cn",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
},
{
"model": "ac7",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "15.03.06.44_cn"
},
{
"model": "ac10",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "15.03.06.23_cn"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)_cn"
},
{
"model": "ac18",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "15.03.05.19\\(6318\\)_cn"
},
{
"model": "ac15",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "15.03.05.19_cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008461"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1668"
},
{
"db": "NVD",
"id": "CVE-2018-14492"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tendacn:ac10_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac15_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac7_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008461"
}
]
},
"cve": "CVE-2018-14492",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14492",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-14983",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-124657",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14492",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14492",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-14492",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-14983",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1668",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-124657",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14983"
},
{
"db": "VULHUB",
"id": "VHN-124657"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008461"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1668"
},
{
"db": "NVD",
"id": "CVE-2018-14492"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Tenda AC7 , AC9 ,and AC10 Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7, AC9 and AC10 are all wireless router products from Tenda. A buffer overflow vulnerability exists in TendaAC715.03.06.44_CN and previous versions, AC915.03.05.19 (6318)_CN and previous versions, and AC1015.03.06.23_CN and earlier. An attacker could exploit the vulnerability with a longer \\342\\200\\230limitSpeed\\342\\200\\231 or \\342\\200\\230limitSpeedup\\342\\200\\231 parameter to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14492"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008461"
},
{
"db": "CNVD",
"id": "CNVD-2018-14983"
},
{
"db": "VULHUB",
"id": "VHN-124657"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14492",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008461",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1668",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-14983",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-124657",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14983"
},
{
"db": "VULHUB",
"id": "VHN-124657"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008461"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1668"
},
{
"db": "NVD",
"id": "CVE-2018-14492"
}
]
},
"id": "VAR-201807-1285",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14983"
},
{
"db": "VULHUB",
"id": "VHN-124657"
}
],
"trust": 1.3446503185714285
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14983"
}
]
},
"last_update_date": "2024-11-23T22:52:01.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.tenda.com.cn/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008461"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124657"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008461"
},
{
"db": "NVD",
"id": "CVE-2018-14492"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/zillr0/routers/blob/master/tendaoob1.md"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14492"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14492"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-14983"
},
{
"db": "VULHUB",
"id": "VHN-124657"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008461"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1668"
},
{
"db": "NVD",
"id": "CVE-2018-14492"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-14983"
},
{
"db": "VULHUB",
"id": "VHN-124657"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008461"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1668"
},
{
"db": "NVD",
"id": "CVE-2018-14492"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-14983"
},
{
"date": "2018-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-124657"
},
{
"date": "2018-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008461"
},
{
"date": "2018-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1668"
},
{
"date": "2018-07-21T12:29:00.333000",
"db": "NVD",
"id": "CVE-2018-14492"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-14983"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-124657"
},
{
"date": "2018-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008461"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1668"
},
{
"date": "2024-11-21T03:49:10.740000",
"db": "NVD",
"id": "CVE-2018-14492"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1668"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Tenda Product buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008461"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1668"
}
],
"trust": 0.6
}
}
var-202110-1440
Vulnerability from variot
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. Tenda AC9 Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC9 is a wireless router from the Chinese company Tenda
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1440",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.06.42_multi"
},
{
"model": "ac9",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.05.19\\(6318\\)"
},
{
"model": "ac9",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "ac9 firmware"
},
{
"model": "ac9",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac9",
"scope": "gte",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0,\u003c=v15.03.05.19(6318)"
},
{
"model": "ac9 \u003e=v3.0,\u003c=v15.03.06.42 multi",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-42149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014386"
},
{
"db": "NVD",
"id": "CVE-2021-31624"
}
]
},
"cve": "CVE-2021-31624",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2021-31624",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2022-42149",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-31624",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-31624",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31624",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-31624",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-42149",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-2208",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-42149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014386"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2208"
},
{
"db": "NVD",
"id": "CVE-2021-31624"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. Tenda AC9 Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC9 is a wireless router from the Chinese company Tenda",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31624"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014386"
},
{
"db": "CNVD",
"id": "CNVD-2022-42149"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31624",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014386",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-42149",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2208",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-42149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014386"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2208"
},
{
"db": "NVD",
"id": "CVE-2021-31624"
}
]
},
"id": "VAR-202110-1440",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-42149"
}
],
"trust": 1.319222275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-42149"
}
]
},
"last_update_date": "2024-08-14T14:03:01.827000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.tenda.com.cn/default.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014386"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014386"
},
{
"db": "NVD",
"id": "CVE-2021-31624"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://github.com/lyc-heng/routers/blob/main/routers/stack2.md"
},
{
"trust": 2.2,
"url": "http://tenda.com"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31624"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-42149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014386"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2208"
},
{
"db": "NVD",
"id": "CVE-2021-31624"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-42149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014386"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2208"
},
{
"db": "NVD",
"id": "CVE-2021-31624"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-42149"
},
{
"date": "2022-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014386"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-2208"
},
{
"date": "2021-10-29T11:15:08.383000",
"db": "NVD",
"id": "CVE-2021-31624"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-42149"
},
{
"date": "2022-10-17T09:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-014386"
},
{
"date": "2021-11-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-2208"
},
{
"date": "2021-11-02T17:11:52.207000",
"db": "NVD",
"id": "CVE-2021-31624"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-2208"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda\u00a0AC9\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014386"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-2208"
}
],
"trust": 0.6
}
}
var-202309-0434
Vulnerability from variot
Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg. Tenda AC9 is a wireless router from China's Tenda company. This vulnerability is caused by the parameter "firewall_value" at the URL /goform/SetFirewallCfg failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to attack the system Execute arbitrary code or cause a denial of service attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0434",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.06.42_multi_td0"
},
{
"model": "ac9 15.03.06.42 multi td0",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-70072"
},
{
"db": "NVD",
"id": "CVE-2023-40942"
}
]
},
"cve": "CVE-2023-40942",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-70072",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-40942",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-40942",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-70072",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-70072"
},
{
"db": "NVD",
"id": "CVE-2023-40942"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter \u0027firewall_value\u0027 at url /goform/SetFirewallCfg. Tenda AC9 is a wireless router from China\u0027s Tenda company. This vulnerability is caused by the parameter \"firewall_value\" at the URL /goform/SetFirewallCfg failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to attack the system Execute arbitrary code or cause a denial of service attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-40942"
},
{
"db": "CNVD",
"id": "CNVD-2023-70072"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-40942",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2023-70072",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-40942",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-70072"
},
{
"db": "VULMON",
"id": "CVE-2023-40942"
},
{
"db": "NVD",
"id": "CVE-2023-40942"
}
]
},
"id": "VAR-202309-0434",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-70072"
}
],
"trust": 1.03844455
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-70072"
}
]
},
"last_update_date": "2024-08-14T13:41:30.167000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-40942"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://github.com/gleamingeyes/vul/blob/main/tenda_ac9/setfirewallcfg.md"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-40942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-70072"
},
{
"db": "VULMON",
"id": "CVE-2023-40942"
},
{
"db": "NVD",
"id": "CVE-2023-40942"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-70072"
},
{
"db": "VULMON",
"id": "CVE-2023-40942"
},
{
"db": "NVD",
"id": "CVE-2023-40942"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-70072"
},
{
"date": "2023-09-07T00:00:00",
"db": "VULMON",
"id": "CVE-2023-40942"
},
{
"date": "2023-09-07T15:15:07.767000",
"db": "NVD",
"id": "CVE-2023-40942"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-70072"
},
{
"date": "2023-09-07T00:00:00",
"db": "VULMON",
"id": "CVE-2023-40942"
},
{
"date": "2023-09-12T19:55:13.077000",
"db": "NVD",
"id": "CVE-2023-40942"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda AC9 buffer overflow vulnerability (CNVD-2023-70072)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-70072"
}
],
"trust": 0.6
}
}
var-202110-1423
Vulnerability from variot
Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg. Tenda AC-10U AC1200 Routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC-10U is a wireless router of China Tenda (Tenda) company.
The Tenda AC-10U AC1200 router has a buffer overflow vulnerability. The vulnerability exists due to boundary errors when processing untrusted input
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1423",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.06.42_multi"
},
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.05.19\\(6318\\)"
},
{
"model": "ac10u",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "15.03.06.48_multi_tde01"
},
{
"model": "ac9",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac10u",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac-10u us ac10uv1.0rtl v15.03.06.48 multi tde01",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84224"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014421"
},
{
"db": "NVD",
"id": "CVE-2020-22079"
}
]
},
"cve": "CVE-2020-22079",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-22079",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-84224",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-22079",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-22079",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-22079",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-22079",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-84224",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-2207",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84224"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014421"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2207"
},
{
"db": "NVD",
"id": "CVE-2020-22079"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg. Tenda AC-10U AC1200 Routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC-10U is a wireless router of China Tenda (Tenda) company. \n\r\n\r\nThe Tenda AC-10U AC1200 router has a buffer overflow vulnerability. The vulnerability exists due to boundary errors when processing untrusted input",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-22079"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014421"
},
{
"db": "CNVD",
"id": "CNVD-2021-84224"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-22079",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014421",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-84224",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2207",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84224"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014421"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2207"
},
{
"db": "NVD",
"id": "CVE-2020-22079"
}
]
},
"id": "VAR-202110-1423",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84224"
}
],
"trust": 1.319222275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84224"
}
]
},
"last_update_date": "2024-08-14T14:44:14.816000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.tenda.com.cn/default.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014421"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014421"
},
{
"db": "NVD",
"id": "CVE-2020-22079"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/lyc-heng/routers/blob/main/routers/stack1.md"
},
{
"trust": 2.2,
"url": "https://github.com/1sd3d/tendown/tree/master/pocs/auth/bof11"
},
{
"trust": 1.6,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-22079"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-84224"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014421"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2207"
},
{
"db": "NVD",
"id": "CVE-2020-22079"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-84224"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014421"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-2207"
},
{
"db": "NVD",
"id": "CVE-2020-22079"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-84224"
},
{
"date": "2022-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014421"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-2207"
},
{
"date": "2021-10-29T11:15:08.310000",
"db": "NVD",
"id": "CVE-2020-22079"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-84224"
},
{
"date": "2022-10-18T06:58:00",
"db": "JVNDB",
"id": "JVNDB-2021-014421"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-2207"
},
{
"date": "2022-10-26T13:55:15.213000",
"db": "NVD",
"id": "CVE-2020-22079"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-2207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda\u00a0AC-10U\u00a0AC1200\u00a0 Out-of-Bounds Write Vulnerability in Router",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014421"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-2207"
}
],
"trust": 0.6
}
}
var-202005-0459
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0459",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.06.42_multi"
},
{
"model": "ac6",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac18",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19\\(6318\\)"
},
{
"model": "ac15",
"scope": "eq",
"trust": 1.0,
"vendor": "tendacn",
"version": "v15.03.05.19_multi_td01"
},
{
"model": "ac15",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac18",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac6",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac9",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac6 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac9 v15.03.06.42 multi",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v3.0"
},
{
"model": "ac15 v15.03.05.19 multi td01",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac9 v15.03.05.19 cn",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v1.0"
},
{
"model": "ac18 ) cn",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "v15.03.05.19(6318"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31408"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005747"
},
{
"db": "NVD",
"id": "CVE-2020-13393"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tendacn:ac15_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tendacn:ac9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005747"
}
]
},
"cve": "CVE-2020-13393",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-13393",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005747",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-31408",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-13393",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005747",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13393",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-005747",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-31408",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1143",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31408"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005747"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1143"
},
{
"db": "NVD",
"id": "CVE-2020-13393"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13393"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005747"
},
{
"db": "CNVD",
"id": "CNVD-2020-31408"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13393",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005747",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-31408",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1143",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31408"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005747"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1143"
},
{
"db": "NVD",
"id": "CVE-2020-13393"
}
]
},
"id": "VAR-202005-0459",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31408"
}
],
"trust": 1.38075707625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31408"
}
]
},
"last_update_date": "2024-11-23T22:51:21.819000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://tendacn.com/en"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005747"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005747"
},
{
"db": "NVD",
"id": "CVE-2020-13393"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-tenda-vulnerability/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13393"
},
{
"trust": 1.0,
"url": "https://joel-malwarebenchmark.github.io"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13393"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31408"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005747"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1143"
},
{
"db": "NVD",
"id": "CVE-2020-13393"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-31408"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005747"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1143"
},
{
"db": "NVD",
"id": "CVE-2020-13393"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31408"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005747"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1143"
},
{
"date": "2020-05-22T17:15:11.300000",
"db": "NVD",
"id": "CVE-2020-13393"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31408"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005747"
},
{
"date": "2020-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1143"
},
{
"date": "2024-11-21T05:01:10.260000",
"db": "NVD",
"id": "CVE-2020-13393"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Tenda Classic buffer overflow vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005747"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1143"
}
],
"trust": 0.6
}
}