Vulnerabilities > CVE-2018-14492 - Out-of-bounds Write vulnerability in Tendacn products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

tendacn

CWE-787

NVD

Published: 2018-07-21

Updated: 2020-08-24

Summary

Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.

Vulnerable Configurations

Part	Description	Count
OS	Tendacn Tendacn AC7 Firmware * Tendacn AC9 Firmware V15.03.05.19\(6318\) Tendacn Ac10 Firmware * Tendacn Ac15 Firmware - Tendacn Ac18 Firmware *	5
Hardware	Tendacn Tendacn AC7 - Tendacn AC9 - Tendacn Ac10 - Tendacn Ac15 - Tendacn Ac18 -	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md