Vulnerabilities > CVE-2020-28095 - Infinite Loop vulnerability in Tenda Ac1200 Firmware 15.03.06.51Multi

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
tenda
CWE-835

Summary

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.

Vulnerable Configurations

Part Description Count
OS
Tenda
1
Hardware
Tenda
1