Vulnerabilities > CVE-2019-19506 - Infinite Loop vulnerability in Tendacn PA6 Firmware 1.0.1.21

CVSS 7.8 - HIGH

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

tendacn

CWE-835

NVD

Published: 2020-06-25

Updated: 2020-06-25

Summary

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot.

Vulnerable Configurations

Part	Description	Count
OS	Tendacn Tendacn PA6 Firmware 1.0.1.21	1
Hardware	Tendacn Tendacn PA6 -	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/