Vulnerabilities > CVE-2020-28095 - Infinite Loop vulnerability in Tenda Ac1200 Firmware 15.03.06.51Multi

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tenda

CWE-835

NVD

Published: 2020-12-30

Updated: 2021-01-05

Summary

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.

Vulnerable Configurations

Part	Description	Count
OS	Tenda Tenda Ac1200 Firmware 15.03.06.51_Multi	1
Hardware	Tenda Tenda Ac1200 Ac6	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://github.com/cecada/Tenda-AC6-Root-Acces/blob/main/README.md