Vulnerabilities > CVE-2022-28556 - Out-of-bounds Write vulnerability in Tenda Ac15 Firmware 15.03.05.20Multitde01

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tenda

CWE-787

NVD

Published: 2022-05-04

Updated: 2023-08-08

Summary

Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971

Vulnerable Configurations

Part	Description	Count
OS	Tenda Tenda Ac15 Firmware 15.03.05.20_Multi_Tde01	1
Hardware	Tenda Tenda Ac15 1.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md