Vulnerabilities > CVE-2022-30040 - Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.12890

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tenda

CWE-787

NVD

Published: 2022-05-11

Updated: 2022-05-20

Summary

Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to achieve the effect of router denial of service.

Vulnerable Configurations

Part	Description	Count
OS	Tenda Tenda Ax1803 Firmware 1.0.0.1_2890	1
Hardware	Tenda Tenda Ax1803 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/Le1a/Tenda-AX1803-Denial-of-service
https://github.com/Le1a/CVE-2022-30040