Vulnerabilities > CVE-2019-19506 - Infinite Loop vulnerability in Tendacn PA6 Firmware 1.0.1.21

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tendacn

CWE-835

NVD

Published: 2020-06-25

Updated: 2020-07-08

Summary

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot.

Vulnerable Configurations

Part	Description	Count
OS	Tendacn Tendacn PA6 Firmware 1.0.1.21	1
Hardware	Tendacn Tendacn PA6 -	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/