Vulnerabilites related to tendacn - f1200_firmware
cve-2017-9138
Vulnerability from cvelistv5
Published
2017-05-21 22:00
Modified
2024-09-17 02:53
Severity ?
EPSS score ?
Summary
There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tendacn.com/en/2017.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:22.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tendacn.com/en/2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router\u0027s username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-21T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tendacn.com/en/2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router\u0027s username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tendacn.com/en/2017.html",
"refsource": "MISC",
"url": "http://www.tendacn.com/en/2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9138",
"datePublished": "2017-05-21T22:00:00Z",
"dateReserved": "2017-05-21T00:00:00Z",
"dateUpdated": "2024-09-17T02:53:16.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9139
Vulnerability from cvelistv5
Published
2017-05-21 22:00
Modified
2024-09-16 19:31
Severity ?
EPSS score ?
Summary
There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tendacn.com/en/2017.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:22.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tendacn.com/en/2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-21T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tendacn.com/en/2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tendacn.com/en/2017.html",
"refsource": "MISC",
"url": "http://www.tendacn.com/en/2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9139",
"datePublished": "2017-05-21T22:00:00Z",
"dateReserved": "2017-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T19:31:40.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-05-21 22:29
Modified
2024-11-21 03:35
Severity ?
Summary
There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.tendacn.com/en/2017.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.tendacn.com/en/2017.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | f1200_firmware | * | |
| tendacn | f1200 | - | |
| tendacn | fh1202_firmware | * | |
| tendacn | fh1202 | - | |
| tendacn | f1202_firmware | * | |
| tendacn | f1202 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:f1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C49E0BF5-553E-4122-A5C6-055CA6B78B7B",
"versionEndIncluding": "1.2.0.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:f1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42E86EC1-7A0F-41C4-A098-DF76BD1E7B9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:fh1202_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "548E58FC-1379-41D9-9400-D80707CBEE42",
"versionEndIncluding": "1.2.0.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:fh1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16E9CF2B-939C-4E9E-914A-C403A6E45DA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:f1202_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7728F67-89DB-494C-A535-7A24EC414366",
"versionEndIncluding": "1.2.0.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12C28522-BB92-4EFD-ABC9-4B5893097AE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router\u0027s username and password."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de la interfaz de depuraci\u00f3n en algunos routers Tenda (FH1202/F1202/F1200: versiones anteriores a 1.2.0.20). Despu\u00e9s de conectarse localmente a un router de una manera cableada o inal\u00e1mbrica, uno puede omitir las restricciones de acceso previstas mediante el env\u00edo de comandos de shell directamente y leyendo sus resultados, o por el ingreso de comandos de shell que cambian el nombre de usuario y contrase\u00f1a de este router."
}
],
"id": "CVE-2017-9138",
"lastModified": "2024-11-21T03:35:24.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-21T22:29:00.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tendacn.com/en/2017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tendacn.com/en/2017.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-21 22:29
Modified
2024-11-21 03:35
Severity ?
Summary
There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.tendacn.com/en/2017.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.tendacn.com/en/2017.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | f1200_firmware | * | |
| tendacn | f1200 | - | |
| tendacn | fh1202_firmware | * | |
| tendacn | fh1202 | - | |
| tendacn | f1202_firmware | * | |
| tendacn | f1202 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:f1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C49E0BF5-553E-4122-A5C6-055CA6B78B7B",
"versionEndIncluding": "1.2.0.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:f1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42E86EC1-7A0F-41C4-A098-DF76BD1E7B9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:fh1202_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "548E58FC-1379-41D9-9400-D80707CBEE42",
"versionEndIncluding": "1.2.0.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:fh1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16E9CF2B-939C-4E9E-914A-C403A6E45DA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:f1202_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7728F67-89DB-494C-A535-7A24EC414366",
"versionEndIncluding": "1.2.0.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12C28522-BB92-4EFD-ABC9-4B5893097AE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds."
},
{
"lang": "es",
"value": "Hay desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en algunos routers Tenda (FH1202/F1202/F1200: versiones anteriores a 1.2.0.20). Las peticiones POST dise\u00f1adas a una direcci\u00f3n URL no especificada dan como resultado una DoS, interrumpiendo el servicio HTTP (utilizado para iniciar sesi\u00f3n en la interfaz de usuario web de un enrutador) durante 1 a 2 segundos."
}
],
"id": "CVE-2017-9139",
"lastModified": "2024-11-21T03:35:24.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-21T22:29:00.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tendacn.com/en/2017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tendacn.com/en/2017.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}