All the vulnerabilities related to Tenda - AC15
cve-2021-44971
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://tenda.com | x_refsource_MISC |
| http://ac15v10.com | x_refsource_MISC |
| https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:32:13.606Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://tenda.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ac15v10.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-28T18:17:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://tenda.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://ac15v10.com" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44971", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware 
V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://tenda.com", "refsource": "MISC", "url": "http://tenda.com" }, { "name": "http://ac15v10.com", "refsource": "MISC", "url": "http://ac15v10.com" }, { "name": "https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md", "refsource": "MISC", "url": "https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44971", "datePublished": "2022-01-28T18:17:04", "dateReserved": "2021-12-13T00:00:00", "dateUpdated": "2024-08-04T04:32:13.606Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28557
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:56:15.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-04T15:18:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28557", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": 
"https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md", "refsource": "MISC", "url": "https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28557", "datePublished": "2022-05-04T15:18:42", "dateReserved": "2022-04-04T00:00:00", "dateUpdated": "2024-08-03T05:56:15.648Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30370
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/2205794866/Tenda/blob/main/AC15/7.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/2205794866/Tenda/blob/main/AC15/7.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-30370", "datePublished": "2023-04-24T00:00:00", "dateReserved": "2023-04-07T00:00:00", "dateUpdated": "2024-08-02T14:21:44.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2805
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257660 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257660 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/SetSpeedWan.md | exploit |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2805", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T14:59:16.273514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T19:52:43.903Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:42.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257660 | Tenda AC15 SetSpeedWan formSetSpeedWan stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257660" }, { "name": "VDB-257660 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257660" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/SetSpeedWan.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" }, { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A 
vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Eine kritische Schwachstelle wurde in Tenda AC15 15.03.05.18/15.03.20_multi ausgemacht. Davon betroffen ist die Funktion formSetSpeedWan der Datei /goform/SetSpeedWan. Durch das Manipulieren des Arguments speed_dir mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T03:00:06.426Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257660 | Tenda AC15 SetSpeedWan formSetSpeedWan stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257660" }, { "name": "VDB-257660 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257660" }, { 
"tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/SetSpeedWan.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-21T22:38:14.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 SetSpeedWan formSetSpeedWan stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2805", "datePublished": "2024-03-22T03:00:06.426Z", "dateReserved": "2024-03-21T21:33:09.307Z", "dateUpdated": "2024-08-01T19:25:42.139Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18727
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/ZIllR0/Routers/blob/master/Tenda/stack1.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:16:00.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack1.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027deviceList\u0027 parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-28T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack1.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18727", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. 
There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027deviceList\u0027 parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack1.md", "refsource": "MISC", "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack1.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18727", "datePublished": "2018-10-28T00:00:00", "dateReserved": "2018-10-27T00:00:00", "dateUpdated": "2024-08-05T11:16:00.390Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30371
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.798Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/2205794866/Tenda/blob/main/AC15/4.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Tenda AC15 V15.03.05.19, the function \"sub_ED14\" contains a stack-based buffer overflow vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/2205794866/Tenda/blob/main/AC15/4.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-30371", "datePublished": "2023-04-24T00:00:00", "dateReserved": "2023-04-07T00:00:00", "dateUpdated": "2024-08-02T14:21:44.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44156
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:47:05.730Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://drive.google.com/file/d/1dbMwByl40uqMiSv_DOEW8pFjRhGX-j97/view?usp=sharing" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://drive.google.com/file/d/1dbMwByl40uqMiSv_DOEW8pFjRhGX-j97/view?usp=sharing" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44156", "datePublished": "2022-11-21T00:00:00", "dateReserved": "2022-10-30T00:00:00", "dateUpdated": "2024-08-03T13:47:05.730Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18706
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-06/Tenda.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:16:00.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-06/Tenda.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. When processing the \"page\" parameter of the function \"fromDhcpListClient\" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-27T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-06/Tenda.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18706", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. When processing the \"page\" parameter of the function \"fromDhcpListClient\" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-06/Tenda.md", "refsource": "MISC", "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-06/Tenda.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18706", "datePublished": "2018-10-27T22:00:00", "dateReserved": "2018-10-27T00:00:00", "dateUpdated": "2024-08-05T11:16:00.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44168
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:47:05.686Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/RobinWang825/IoT_vuln/tree/main/Tenda/AC15/fromSetRouteStatic" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/RobinWang825/IoT_vuln/tree/main/Tenda/AC15/fromSetRouteStatic" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44168", "datePublished": "2022-11-21T00:00:00", "dateReserved": "2022-10-30T00:00:00", "dateUpdated": "2024-08-03T13:47:05.686Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36103
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.20" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-36103", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T19:17:57.628118Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T19:19:54.168Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T16:03:22.427612", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/t0hka1/Tenda-AC15-Exp/blob/master/Tenda%20AC15%20V15.03.05.20%20Exp.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-36103", "datePublished": "2024-09-10T00:00:00", "dateReserved": "2023-06-21T00:00:00", "dateUpdated": "2024-09-10T19:19:54.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18708
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-05/Tenda.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:16:00.428Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-05/Tenda.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. When processing the \"page\" parameter of the function \"fromAddressNat\" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-27T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-05/Tenda.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18708", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. When processing the \"page\" parameter of the function \"fromAddressNat\" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-05/Tenda.md", "refsource": "MISC", "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-05/Tenda.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18708", "datePublished": "2018-10-27T22:00:00", "dateReserved": "2018-10-27T00:00:00", "dateUpdated": "2024-08-05T11:16:00.428Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2817
Vulnerability from cvelistv5
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257672 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257672 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolRestoreSet.md | exploit |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2817", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-25T16:40:43.152598Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-18T14:17:33.913Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:41.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257672 | Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257672" }, { "name": "VDB-257672 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257672" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolRestoreSet.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_tutu (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. 
The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Eine problematische Schwachstelle wurde in Tenda AC15 15.03.05.18 entdeckt. Dies betrifft die Funktion fromSysToolRestoreSet der Datei /goform/SysToolRestoreSet. Durch Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T08:00:06.270Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257672 | Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257672" }, { "name": "VDB-257672 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257672" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolRestoreSet.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry 
created" }, { "lang": "en", "time": "2024-03-21T22:40:26.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2817", "datePublished": "2024-03-22T08:00:06.270Z", "dateReserved": "2024-03-21T21:35:23.891Z", "dateUpdated": "2024-08-01T19:25:41.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37175
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://drive.google.com/file/d/16hshiCHS8j3YaFPkQD3xajVuwu_QVBe3/view | x_refsource_MISC |
| https://www.cnblogs.com/Amalll/p/16527552.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:21:33.226Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://drive.google.com/file/d/16hshiCHS8j3YaFPkQD3xajVuwu_QVBe3/view" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cnblogs.com/Amalll/p/16527552.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-19T20:50:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://drive.google.com/file/d/16hshiCHS8j3YaFPkQD3xajVuwu_QVBe3/view" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cnblogs.com/Amalll/p/16527552.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-37175", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://drive.google.com/file/d/16hshiCHS8j3YaFPkQD3xajVuwu_QVBe3/view", "refsource": "MISC", "url": "https://drive.google.com/file/d/16hshiCHS8j3YaFPkQD3xajVuwu_QVBe3/view" }, { "name": "https://www.cnblogs.com/Amalll/p/16527552.html", "refsource": "MISC", "url": "https://www.cnblogs.com/Amalll/p/16527552.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37175", "datePublished": "2022-08-19T20:50:21", "dateReserved": "2022-08-01T00:00:00", "dateUpdated": "2024-08-03T10:21:33.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2855
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257779 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257779 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md | exploit |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.19" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2855", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T13:38:53.645813Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T19:51:14.751Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:42.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257779 | Tenda AC15 SetSysTimeCfg fromSetSysTime stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257779" }, { "name": "VDB-257779 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257779" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": 
"15.03.05.18" }, { "status": "affected", "version": "15.03.05.19" }, { "status": "affected", "version": "15.03.20" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "wxhwxhwxh_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "In Tenda AC15 15.03.05.18/15.03.05.19/15.03.20 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion fromSetSysTime der Datei /goform/SetSysTimeCfg. Mittels dem Manipulieren des Arguments time mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-24T06:00:06.171Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257779 | Tenda AC15 SetSysTimeCfg fromSetSysTime stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257779" }, { "name": "VDB-257779 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257779" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-23T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-23T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-23T06:52:35.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 SetSysTimeCfg fromSetSysTime stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2855", "datePublished": "2024-03-24T06:00:06.171Z", "dateReserved": "2024-03-23T05:47:33.356Z", "dateUpdated": "2024-08-01T19:25:42.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2809
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257664 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257664 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md | exploit |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:42.167Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257664 | Tenda AC15 SetFirewallCfg formSetFirewallCfg stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257664" }, { "name": "VDB-257664 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257664" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2809", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T20:51:20.892981Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T20:52:37.087Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" }, { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A 
vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Es wurde eine Schwachstelle in Tenda AC15 15.03.05.18/15.03.20_multi gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion formSetFirewallCfg der Datei /goform/SetFirewallCfg. Dank der Manipulation des Arguments firewallEn mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T05:31:04.573Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257664 | Tenda AC15 SetFirewallCfg formSetFirewallCfg stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257664" }, { "name": "VDB-257664 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" 
], "url": "https://vuldb.com/?ctiid.257664" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-21T22:39:22.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 SetFirewallCfg formSetFirewallCfg stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2809", "datePublished": "2024-03-22T05:31:04.573Z", "dateReserved": "2024-03-21T21:34:19.498Z", "dateUpdated": "2024-08-01T20:52:37.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18730
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/ZIllR0/Routers/blob/master/Tenda/stack3.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:16:00.429Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack3.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027startIp\u0027 and \u0027endIp\u0027 parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-28T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack3.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027startIp\u0027 and \u0027endIp\u0027 parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack3.md", "refsource": "MISC", "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack3.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18730", "datePublished": "2018-10-28T00:00:00", "dateReserved": "2018-10-27T00:00:00", "dateUpdated": "2024-08-05T11:16:00.429Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18707
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-07/Tenda.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:16:00.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-07/Tenda.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. When processing the \"ssid\" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-27T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-07/Tenda.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18707", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. 
It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. When processing the \"ssid\" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-07/Tenda.md", "refsource": "MISC", "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-07/Tenda.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18707", "datePublished": "2018-10-27T22:00:00", "dateReserved": "2018-10-27T00:00:00", "dateUpdated": "2024-08-05T11:16:00.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2815
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257670 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257670 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/R7WebsSecurityHandler.md | exploit |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2815", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T13:57:42.883520Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T19:51:33.522Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:42.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257670 | Tenda AC15 Cookie execCommand R7WebsSecurityHandler stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257670" }, { "name": "VDB-257670 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257670" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/R7WebsSecurityHandler.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "modules": [ "Cookie Handler" ], "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_tutu (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. 
The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Es wurde eine kritische Schwachstelle in Tenda AC15 15.03.20_multi entdeckt. Es betrifft die Funktion R7WebsSecurityHandler der Datei /goform/execCommand der Komponente Cookie Handler. Mittels Manipulieren des Arguments password mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T07:31:04.644Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257670 | Tenda AC15 Cookie execCommand R7WebsSecurityHandler stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257670" }, { "name": "VDB-257670 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257670" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/R7WebsSecurityHandler.md" } ], 
"timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-21T22:40:16.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 Cookie execCommand R7WebsSecurityHandler stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2815", "datePublished": "2024-03-22T07:31:04.644Z", "dateReserved": "2024-03-21T21:35:13.502Z", "dateUpdated": "2024-08-01T19:25:42.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39673
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:18:09.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.tendacn.com/download/list-3.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Davidteeri/Bug-Report/blob/main/Tenda/AC15%20Impoper%20Input%20Validation.md" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15", "vendor": "tenda", "versions": [ { "status": "affected", "version": "1.0br_v15.03.05.18_multi_td01" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-39673", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-07T17:25:22.257636Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-07T17:26:35.553Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34()." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-18T02:44:55.717726", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.tendacn.com/download/list-3.html" }, { "url": "https://github.com/Davidteeri/Bug-Report/blob/main/Tenda/AC15%20Impoper%20Input%20Validation.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-39673", "datePublished": "2023-08-18T00:00:00", "dateReserved": "2023-08-07T00:00:00", "dateUpdated": "2024-10-07T17:26:35.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15916
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:30:22.771Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-23T17:53:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15916", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68", "refsource": "MISC", "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15916", "datePublished": "2020-07-23T17:53:48", "dateReserved": "2020-07-23T00:00:00", "dateUpdated": "2024-08-04T13:30:22.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2806
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257661 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257661 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md | exploit |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:41.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257661 | Tenda AC15 addWifiMacFilter stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257661" }, { "name": "VDB-257661 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257661" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2806", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T15:10:50.792677Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T15:13:05.766Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" }, { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A 
vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Es wurde eine Schwachstelle in Tenda AC15 15.03.05.18/15.03.20_multi entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion addWifiMacFilter der Datei /goform/addWifiMacFilter. Durch Manipulieren des Arguments deviceId/deviceMac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T04:31:04.089Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257661 | Tenda AC15 addWifiMacFilter stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257661" }, { "name": "VDB-257661 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257661" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-21T22:38:29.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 addWifiMacFilter stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2806", "datePublished": "2024-03-22T04:31:04.089Z", "dateReserved": "2024-03-21T21:33:26.262Z", "dateUpdated": "2024-08-21T15:13:05.766Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2808
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
URL | Tags
---|---
https://vuldb.com/?id.257663 | vdb-entry, technical-description
https://vuldb.com/?ctiid.257663 | signature, permissions-required
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md | exploit
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:41.749Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257663 | Tenda AC15 QuickIndex formQuickIndex stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257663" }, { "name": "VDB-257663 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257663" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2808", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-22T14:57:09.173805Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-12T13:41:45.486Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" }, { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A 
vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Eine Schwachstelle wurde in Tenda AC15 15.03.05.18/15.03.20_multi entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion formQuickIndex der Datei /goform/QuickIndex. Durch Beeinflussen des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T05:00:06.300Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257663 | Tenda AC15 QuickIndex formQuickIndex stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257663" }, { "name": "VDB-257663 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257663" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-21T22:39:09.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 QuickIndex formQuickIndex stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2808", "datePublished": "2024-03-22T05:00:06.300Z", "dateReserved": "2024-03-21T21:34:07.034Z", "dateUpdated": "2024-08-12T13:41:45.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10987
Vulnerability from cvelistv5
URL | Tags
---|---
https://www.ise.io/research/ | x_refsource_MISC
https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:21:14.161Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.ise.io/research/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-13T18:46:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.ise.io/research/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10987", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ise.io/research/", "refsource": "MISC", "url": "https://www.ise.io/research/" }, { "name": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68", "refsource": "MISC", "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10987", "datePublished": "2020-07-13T18:46:12", "dateReserved": "2020-03-26T00:00:00", "dateUpdated": "2024-08-04T11:21:14.161Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2810
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
URL | Tags
---|---
https://vuldb.com/?id.257665 | vdb-entry, technical-description
https://vuldb.com/?ctiid.257665 | signature, permissions-required
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md | exploit
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:42.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257665 | Tenda AC15 WifiWpsOOB formWifiWpsOOB stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257665" }, { "name": "VDB-257665 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257665" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2810", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-28T19:11:53.980346Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-12T13:40:03.316Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" }, { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A 
vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "In Tenda AC15 15.03.05.18/15.03.20_multi wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion formWifiWpsOOB der Datei /goform/WifiWpsOOB. Dank Manipulation des Arguments index mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T05:31:05.963Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257665 | Tenda AC15 WifiWpsOOB formWifiWpsOOB stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257665" }, { "name": "VDB-257665 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": 
"https://vuldb.com/?ctiid.257665" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-21T22:39:33.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 WifiWpsOOB formWifiWpsOOB stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2810", "datePublished": "2024-03-22T05:31:05.963Z", "dateReserved": "2024-03-21T21:34:30.779Z", "dateUpdated": "2024-08-12T13:40:03.316Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-10280
Vulnerability from cvelistv5
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
URL | Tags
---|---
https://vuldb.com/?id.281555 | vdb-entry, technical-description
https://vuldb.com/?ctiid.281555 | signature, permissions-required
https://vuldb.com/?submit.426417 | third-party-advisory
https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md | exploit
https://www.tenda.com.cn/ | product
Vendor | Product | Version
---|---|---
Tenda | AC6 | Version: 20241022
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac6_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.06.23" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac8_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "16.03.34.06" } ] }, { "cpes": [ "cpe:2.3:a:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac8_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "16.03.34.09" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac10_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac10_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "16.03.48.23" }, { "status": "affected", "version": "16.03.48.19" }, { "status": "affected", "version": "16.03.48.20" }, { "status": "affected", "version": "16.03.48.13" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac1206_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.06.23" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac9_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.06.42" }, { "status": "affected", "version": "15.03.05.19\\(6318_\\)" }, { "status": "affected", "version": "15.03.05.14" }, { "status": "affected", "version": "15.03.2.13" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac18_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.05" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": 
"ac18_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.19\\(6318\\)" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\\(1307\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac500_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "2.0.1.9\\(1307\\)" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac500_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "1.0.0.16" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac500_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "1.0.0.14" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac10u_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.06.48" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac10u_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.06.49" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac7_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.06.44" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.19" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-10280", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { 
"Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T17:28:19.760214Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T17:41:57.370Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AC6", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "20241022" } ] }, { "product": "AC7", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "20241022" } ] }, { "product": "AC8", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "20241022" } ] }, { "product": "AC9", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "20241022" } ] }, { "product": "AC10", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "20241022" } ] }, { "product": "AC10U", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "20241022" } ] }, { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "20241022" } ] }, { "product": "AC18", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "20241022" } ] }, { "product": "AC500", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "20241022" } ] }, { "product": "AC1206", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "20241022" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "minipython (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." 
}, { "lang": "de", "value": "Eine Schwachstelle wurde in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 bis 20241022 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion websReadEvent der Datei /goform/GetIPTV. Durch Beeinflussen des Arguments Content-Length mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-23T13:31:07.315Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-281555 | Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.281555" }, { "name": "VDB-281555 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.281555" }, { "name": "Submit #426417 | Tenda AC8v4 V16.03.34.06 NULL Pointer Dereference", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.426417" }, { "tags": [ "exploit" ], "url": 
"https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md" }, { "tags": [ "product" ], "url": "https://www.tenda.com.cn/" } ], "timeline": [ { "lang": "en", "time": "2024-10-23T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-10-23T02:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-10-23T08:07:55.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-10280", "datePublished": "2024-10-23T13:31:07.315Z", "dateReserved": "2024-10-23T06:02:03.363Z", "dateUpdated": "2024-10-23T17:41:57.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18729
Vulnerability from cvelistv5
URL | Tags
---|---
https://github.com/ZIllR0/Routers/blob/master/Tenda/heapoverflow1.md | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:16:00.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/heapoverflow1.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027mac\u0027 parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-28T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/heapoverflow1.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18729", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027mac\u0027 parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ZIllR0/Routers/blob/master/Tenda/heapoverflow1.md", "refsource": "MISC", "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/heapoverflow1.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18729", "datePublished": "2018-10-28T00:00:00", "dateReserved": "2018-10-27T00:00:00", "dateUpdated": "2024-08-05T11:16:00.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30369
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.818Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/2205794866/Tenda/blob/main/AC15/3.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/2205794866/Tenda/blob/main/AC15/3.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-30369", "datePublished": "2023-04-24T00:00:00", "dateReserved": "2023-04-07T00:00:00", "dateUpdated": "2024-08-02T14:21:44.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2816
Vulnerability from cvelistv5
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
URL | Tags
---|---
https://vuldb.com/?id.257671 | vdb-entry, technical-description
https://vuldb.com/?ctiid.257671 | signature, permissions-required
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolReboot.md | exploit
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:41.890Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257671 | Tenda AC15 SysToolReboot fromSysToolReboot cross-site request forgery", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257671" }, { "name": "VDB-257671 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257671" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolReboot.md" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2816", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T15:05:26.052141Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T15:06:37.954Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_tutu (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. 
The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "In Tenda AC15 15.03.05.18 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion fromSysToolReboot der Datei /goform/SysToolReboot. Durch das Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T07:31:06.083Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257671 | Tenda AC15 SysToolReboot fromSysToolReboot cross-site request forgery", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257671" }, { "name": "VDB-257671 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257671" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolReboot.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry 
created" }, { "lang": "en", "time": "2024-03-21T22:40:21.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 SysToolReboot fromSysToolReboot cross-site request forgery" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2816", "datePublished": "2024-03-22T07:31:06.083Z", "dateReserved": "2024-03-21T21:35:18.285Z", "dateUpdated": "2024-08-21T15:06:37.954Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10988
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.ise.io/research/ | x_refsource_MISC | |
https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:21:14.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.ise.io/research/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-13T18:01:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.ise.io/research/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10988", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ise.io/research/", "refsource": "MISC", "url": "https://www.ise.io/research/" }, { "name": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68", "refsource": "MISC", "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10988", "datePublished": "2020-07-13T18:01:55", "dateReserved": "2020-03-26T00:00:00", "dateUpdated": "2024-08-04T11:21:14.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-10662
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
URL | Tags | |
---|---|---|
https://vuldb.com/?id.282677 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.282677 | signature, permissions-required | |
https://vuldb.com/?submit.434933 | third-party-advisory | |
https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac15_stackflow_formSetDeviceName/tenda_ac15_stackflow_formSetDeviceName.md | exploit | |
https://www.tenda.com.cn/ | product |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.19" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-10662", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-01T19:06:25.331828Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-05T15:25:38.625Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.19" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "theRaz0r (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "Eine kritische Schwachstelle wurde in Tenda AC15 15.03.05.19 gefunden. Dies betrifft die Funktion formSetDeviceName der Datei /goform/SetOnlineDevName. Durch Beeinflussen des Arguments devName mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
} ], "metrics": [ { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T16:00:16.399Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-282677 | Tenda AC15 SetOnlineDevName formSetDeviceName stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.282677" }, { "name": "VDB-282677 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.282677" }, { "name": "Submit #434933 | Tenda AC15 V15.03.05.19 Buffer Overflow", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.434933" }, { "tags": [ "exploit" ], "url": "https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac15_stackflow_formSetDeviceName/tenda_ac15_stackflow_formSetDeviceName.md" }, { "tags": [ "product" ], "url": "https://www.tenda.com.cn/" } ], "timeline": [ { "lang": "en", "time": "2024-11-01T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-01T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-01T10:18:55.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 SetOnlineDevName formSetDeviceName stack-based overflow" } }, "cveMetadata": { "assignerOrgId": 
"1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-10662", "datePublished": "2024-11-01T16:00:16.399Z", "dateReserved": "2024-11-01T09:13:49.387Z", "dateUpdated": "2024-11-05T15:25:38.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10989
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.ise.io/research/ | x_refsource_MISC | |
https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:21:14.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.ise.io/research/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-13T18:04:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.ise.io/research/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ise.io/research/", "refsource": "MISC", "url": "https://www.ise.io/research/" }, { "name": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68", "refsource": "MISC", "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10989", "datePublished": "2020-07-13T18:04:36", "dateReserved": "2020-03-26T00:00:00", "dateUpdated": "2024-08-04T11:21:14.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44169
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:47:05.498Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/RobinWang825/IoT_vuln/tree/main/Tenda/AC15/formSetVirtualSer" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/RobinWang825/IoT_vuln/tree/main/Tenda/AC15/formSetVirtualSer" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44169", "datePublished": "2022-11-21T00:00:00", "dateReserved": "2022-10-30T00:00:00", "dateUpdated": "2024-08-03T13:47:05.498Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30378
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/2205794866/Tenda/blob/main/AC15/5.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Tenda AC15 V15.03.05.19, the function \"sub_8EE8\" contains a stack-based buffer overflow vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/2205794866/Tenda/blob/main/AC15/5.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-30378", "datePublished": "2023-04-24T00:00:00", "dateReserved": "2023-04-07T00:00:00", "dateUpdated": "2024-08-02T14:21:44.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16936
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/Iolop/Poc/tree/master/Router/Tenda | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:43:59.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Iolop/Poc/tree/master/Router/Tenda" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-11-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1\u0026path= URI that uses directory traversal sequences after a /usb/ substring." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-24T07:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Iolop/Poc/tree/master/Router/Tenda" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16936", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1\u0026path= URI that uses directory traversal sequences after a /usb/ substring." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Iolop/Poc/tree/master/Router/Tenda", "refsource": "MISC", "url": "https://github.com/Iolop/Poc/tree/master/Router/Tenda" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16936", "datePublished": "2017-11-24T07:00:00", "dateReserved": "2017-11-24T00:00:00", "dateUpdated": "2024-08-05T20:43:59.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18728
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/ZIllR0/Routers/blob/master/Tenda/rce1.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:16:00.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/rce1.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-28T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/rce1.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18728", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ZIllR0/Routers/blob/master/Tenda/rce1.md", "refsource": "MISC", "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/rce1.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18728", "datePublished": "2018-10-28T00:00:00", "dateReserved": "2018-10-27T00:00:00", "dateUpdated": "2024-08-05T11:16:00.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30375
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/2205794866/Tenda/blob/main/AC15/1.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Tenda AC15 V15.03.05.19, the function \"getIfIp\" contains a stack-based buffer overflow vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/2205794866/Tenda/blob/main/AC15/1.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-30375", "datePublished": "2023-04-24T00:00:00", "dateReserved": "2023-04-07T00:00:00", "dateUpdated": "2024-08-02T14:21:44.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18709
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-08/Tenda.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:16:00.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-08/Tenda.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. When processing the \"firewallEn\" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-27T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-08/Tenda.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18709", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. 
It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. When processing the \"firewallEn\" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-08/Tenda.md", "refsource": "MISC", "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-08/Tenda.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18709", "datePublished": "2018-10-27T22:00:00", "dateReserved": "2018-10-27T00:00:00", "dateUpdated": "2024-08-05T11:16:00.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2811
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
URL | Tags | |
---|---|---|
https://vuldb.com/?id.257666 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.257666 | signature, permissions-required | |
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md | exploit |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:41.889Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257666 | Tenda AC15 WifiWpsStart formWifiWpsStart stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257666" }, { "name": "VDB-257666 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257666" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2811", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-27T13:55:59.253282Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T22:53:07.447Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. 
The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Eine Schwachstelle wurde in Tenda AC15 15.03.20_multi gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion formWifiWpsStart der Datei /goform/WifiWpsStart. Mit der Manipulation des Arguments index mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T06:00:07.629Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257666 | Tenda AC15 WifiWpsStart formWifiWpsStart stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257666" }, { "name": "VDB-257666 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257666" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" 
}, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-21T22:39:46.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 WifiWpsStart formWifiWpsStart stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2811", "datePublished": "2024-03-22T06:00:07.629Z", "dateReserved": "2024-03-21T21:34:43.200Z", "dateUpdated": "2024-08-21T22:53:07.447Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2812
Vulnerability from cvelistv5
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
URL | Tags | |
---|---|---|
https://vuldb.com/?id.257667 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.257667 | signature, permissions-required | |
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWriteFacMac.md | exploit |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-2812", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-22T18:03:05.827279Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:16.411Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:42.149Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257667 | Tenda AC15 WriteFacMac formWriteFacMac os command injection", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257667" }, { "name": "VDB-257667 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257667" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWriteFacMac.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" }, { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Es wurde eine Schwachstelle in Tenda AC15 15.03.05.18/15.03.20_multi ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion formWriteFacMac der Datei /goform/WriteFacMac. Durch die Manipulation des Arguments mac mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T06:31:04.518Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257667 | Tenda AC15 WriteFacMac formWriteFacMac os command injection", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257667" }, { "name": "VDB-257667 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257667" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWriteFacMac.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-21T22:39:54.000Z", "value": "VulDB entry 
last update" } ], "title": "Tenda AC15 WriteFacMac formWriteFacMac os command injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2812", "datePublished": "2024-03-22T06:31:04.518Z", "dateReserved": "2024-03-21T21:34:51.784Z", "dateUpdated": "2024-08-01T19:25:42.149Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2814
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.257669 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.257669 | signature, permissions-required | |
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromDhcpListClient_page.md | exploit |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:42.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257669 | Tenda AC15 DhcpListClient fromDhcpListClient stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257669" }, { "name": "VDB-257669 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257669" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromDhcpListClient_page.md" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2814", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-08T20:33:21.558548Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-08T20:34:16.925Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. 
The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Eine Schwachstelle wurde in Tenda AC15 15.03.20_multi ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion fromDhcpListClient der Datei /goform/DhcpListClient. Mittels dem Manipulieren des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T07:00:07.402Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257669 | Tenda AC15 DhcpListClient fromDhcpListClient stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257669" }, { "name": "VDB-257669 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257669" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromDhcpListClient_page.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": 
"Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-21T22:40:11.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 DhcpListClient fromDhcpListClient stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2814", "datePublished": "2024-03-22T07:00:07.402Z", "dateReserved": "2024-03-21T21:35:08.751Z", "dateUpdated": "2024-08-08T20:34:16.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44167
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:47:05.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://drive.google.com/file/d/1Jq8Tm_2FDS4WDD_afdhg1LnA3VcvZdjS/view?usp=sharing" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetPPTPServer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://drive.google.com/file/d/1Jq8Tm_2FDS4WDD_afdhg1LnA3VcvZdjS/view?usp=sharing" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44167", "datePublished": "2022-11-21T00:00:00", "dateReserved": "2022-10-30T00:00:00", "dateUpdated": "2024-08-03T13:47:05.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2851
Vulnerability from cvelistv5
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.257775 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.257775 | signature, permissions-required | |
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md | exploit |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:42.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257775 | Tenda AC15 setsambacfg formSetSambaConf os command injection", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257775" }, { "name": "VDB-257775 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257775" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] }, { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2851", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-28T18:19:08.608418Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-22T19:16:03.727Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" }, { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "wxhwxhwxh_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A 
vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Es wurde eine Schwachstelle in Tenda AC15 15.03.05.18/15.03.20_multi ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion formSetSambaConf der Datei /goform/setsambacfg. Dank Manipulation des Arguments usbName mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-24T03:00:06.055Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257775 | Tenda AC15 setsambacfg formSetSambaConf os command injection", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257775" }, { "name": "VDB-257775 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": 
"https://vuldb.com/?ctiid.257775" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-23T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-23T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-23T06:51:59.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 setsambacfg formSetSambaConf os command injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2851", "datePublished": "2024-03-24T03:00:06.055Z", "dateReserved": "2024-03-23T05:46:49.759Z", "dateUpdated": "2024-08-22T19:16:03.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40851
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/addressNat.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:28:42.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/addressNat.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-23T14:02:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/addressNat.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-40851", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/addressNat.md", "refsource": "MISC", "url": "https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/addressNat.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40851", "datePublished": "2022-09-23T14:02:51", "dateReserved": "2022-09-19T00:00:00", "dateUpdated": "2024-08-03T12:28:42.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30373
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.866Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/2205794866/Tenda/blob/main/AC15/8.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Tenda AC15 V15.03.05.19, the function \"xian_pppoe_user\" contains a stack-based buffer overflow vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/2205794866/Tenda/blob/main/AC15/8.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-30373", "datePublished": "2023-04-24T00:00:00", "dateReserved": "2023-04-07T00:00:00", "dateUpdated": "2024-08-02T14:21:44.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10986
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ise.io/research/ | x_refsource_MISC | |
https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:21:14.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.ise.io/research/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-13T17:59:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.ise.io/research/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10986", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an 
attacker-controlled web page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ise.io/research/", "refsource": "MISC", "url": "https://www.ise.io/research/" }, { "name": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68", "refsource": "MISC", "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10986", "datePublished": "2020-07-13T17:59:19", "dateReserved": "2020-03-26T00:00:00", "dateUpdated": "2024-08-04T11:21:14.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30372
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.866Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/2205794866/Tenda/blob/main/AC15/10.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Tenda AC15 V15.03.05.19, the function \"xkjs_ver32\" contains a stack-based buffer overflow vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/2205794866/Tenda/blob/main/AC15/10.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-30372", "datePublished": "2023-04-24T00:00:00", "dateReserved": "2023-04-07T00:00:00", "dateUpdated": "2024-08-02T14:21:44.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43259
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:26:02.811Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://drive.google.com/file/d/1VjYjZKv7MJ69hGPG-xD0xublUw-taq4w/view?usp=sharing" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-18T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://drive.google.com/file/d/1VjYjZKv7MJ69hGPG-xD0xublUw-taq4w/view?usp=sharing" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-43259", "datePublished": "2022-10-18T00:00:00", "dateReserved": "2022-10-17T00:00:00", "dateUpdated": "2024-08-03T13:26:02.811Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2807
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.257662 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.257662 | signature, permissions-required | |
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md | exploit |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" }, { "status": "affected", "version": "15.03.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2807", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-25T16:38:21.385456Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-18T14:21:00.450Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:41.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257662 | Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257662" }, { "name": "VDB-257662 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257662" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" }, { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. 
The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "In Tenda AC15 15.03.05.18/15.03.20_multi wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formExpandDlnaFile der Datei /goform/expandDlnaFile. Durch das Beeinflussen des Arguments filePath mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T04:31:05.417Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257662 | Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257662" }, { "name": "VDB-257662 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257662" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md" } ], 
"timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-21T22:38:57.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2807", "datePublished": "2024-03-22T04:31:05.417Z", "dateReserved": "2024-03-21T21:33:54.048Z", "dateUpdated": "2024-08-01T19:25:41.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2852
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.257776 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.257776 | signature, permissions-required | |
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md | exploit |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-2852", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-25T16:30:34.040979Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:17.156Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:42.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257776 | Tenda AC15 saveParentControlInfo stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257776" }, { "name": "VDB-257776 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257776" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "wxhwxhwxh_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "In Tenda AC15 15.03.20_multi wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion saveParentControlInfo der Datei /goform/saveParentControlInfo. Mit der Manipulation des Arguments urls mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-24T04:31:04.363Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257776 | Tenda AC15 saveParentControlInfo stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257776" }, { "name": "VDB-257776 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257776" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-23T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-23T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-23T06:52:11.000Z", "value": 
"VulDB entry last update" } ], "title": "Tenda AC15 saveParentControlInfo stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2852", "datePublished": "2024-03-24T04:31:04.363Z", "dateReserved": "2024-03-23T05:46:57.422Z", "dateUpdated": "2024-08-01T19:25:42.173Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-10661
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.282676 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.282676 | signature, permissions-required | |
https://vuldb.com/?submit.434932 | third-party-advisory | |
https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac15_stackflow_formDLNAserver/tenda_ac15_stackflow_formDLNAserver.md | exploit | |
https://www.tenda.com.cn/ | product |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.19" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-10661", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-01T19:06:43.033160Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-05T15:26:23.637Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.19" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "theRaz0r (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "In Tenda AC15 15.03.05.19 wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion SetDlnaCfg der Datei /goform/SetDlnaCfg. Durch das Beeinflussen des Arguments scanList mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
} ], "metrics": [ { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T16:00:13.148Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-282676 | Tenda AC15 SetDlnaCfg stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.282676" }, { "name": "VDB-282676 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.282676" }, { "name": "Submit #434932 | Tenda AC15 V15.03.05.19 Buffer Overflow", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.434932" }, { "tags": [ "exploit" ], "url": "https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac15_stackflow_formDLNAserver/tenda_ac15_stackflow_formDLNAserver.md" }, { "tags": [ "product" ], "url": "https://www.tenda.com.cn/" } ], "timeline": [ { "lang": "en", "time": "2024-11-01T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-01T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-01T10:18:54.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 SetDlnaCfg stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", 
"cveId": "CVE-2024-10661", "datePublished": "2024-11-01T16:00:13.148Z", "dateReserved": "2024-11-01T09:13:46.982Z", "dateUpdated": "2024-11-05T15:26:23.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18732
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/ZIllR0/Routers/blob/master/Tenda/stack2.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:16:00.422Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack2.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027ntpServer\u0027 parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-28T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack2.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. 
There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027ntpServer\u0027 parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack2.md", "refsource": "MISC", "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack2.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18732", "datePublished": "2018-10-28T00:00:00", "dateReserved": "2018-10-27T00:00:00", "dateUpdated": "2024-08-05T11:16:00.422Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2850
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.257774 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.257774 | signature, permissions-required | |
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md | exploit |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2850", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T13:55:57.303430Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T19:51:25.514Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:42.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257774 | Tenda AC15 saveParentControlInfo stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257774" }, { "name": "VDB-257774 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257774" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.05.18" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "wxhwxhwxh_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. 
The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Eine Schwachstelle wurde in Tenda AC15 15.03.05.18 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion saveParentControlInfo der Datei /goform/saveParentControlInfo. Dank der Manipulation des Arguments urls mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-24T02:00:06.578Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257774 | Tenda AC15 saveParentControlInfo stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257774" }, { "name": "VDB-257774 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257774" }, { "tags": [ "exploit" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-23T00:00:00.000Z", "value": "Advisory disclosed" 
}, { "lang": "en", "time": "2024-03-23T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-23T06:51:53.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 saveParentControlInfo stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2850", "datePublished": "2024-03-24T02:00:06.578Z", "dateReserved": "2024-03-23T05:46:47.272Z", "dateUpdated": "2024-08-01T19:25:42.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2813
Vulnerability from cvelistv5
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.257668 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.257668 | signature, permissions-required | |
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md | exploit |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac15_firmware", "vendor": "tenda", "versions": [ { "status": "affected", "version": "15.03.05.20_multi" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2813", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-23T20:28:00.506212Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-23T20:28:09.491Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:25:41.881Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-257668 | Tenda AC15 fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow", "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.257668" }, { "name": "VDB-257668 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.257668" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AC15", "vendor": "Tenda", "versions": [ { "status": "affected", "version": "15.03.20_multi" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. 
The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "In Tenda AC15 15.03.20_multi wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion form_fast_setting_wifi_set der Datei /goform/fast_setting_wifi_set. Durch Manipulation des Arguments ssid mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-22T06:31:05.875Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-257668 | Tenda AC15 fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.257668" }, { "name": "VDB-257668 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.257668" }, { "tags": [ "exploit" ], "url": 
"https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-03-21T22:40:06.000Z", "value": "VulDB entry last update" } ], "title": "Tenda AC15 fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-2813", "datePublished": "2024-03-22T06:31:05.875Z", "dateReserved": "2024-03-21T21:35:03.729Z", "dateUpdated": "2024-08-23T20:28:09.491Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18731
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/ZIllR0/Routers/blob/master/Tenda/stack4.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:16:00.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack4.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-27T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027deviceMac\u0027 parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-28T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack4.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. 
There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027deviceMac\u0027 parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack4.md", "refsource": "MISC", "url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack4.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18731", "datePublished": "2018-10-28T00:00:00", "dateReserved": "2018-10-27T00:00:00", "dateUpdated": "2024-08-05T11:16:00.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16923
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/Iolop/Poc/tree/master/Router/Tenda | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:21.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Iolop/Poc/tree/master/Router/Tenda" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the \"sub_A6E8 usbeject_process_entry\" function executes a system function with untrusted input." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-21T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Iolop/Poc/tree/master/Router/Tenda" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16923", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the \"sub_A6E8 usbeject_process_entry\" function executes a system function with untrusted input." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Iolop/Poc/tree/master/Router/Tenda", "refsource": "MISC", "url": "https://github.com/Iolop/Poc/tree/master/Router/Tenda" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16923", "datePublished": "2017-11-21T14:00:00Z", "dateReserved": "2017-11-21T00:00:00Z", "dateUpdated": "2024-09-17T03:14:10.141Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30376
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:21:44.857Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/2205794866/Tenda/blob/main/AC15/9.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Tenda AC15 V15.03.05.19, the function \"henan_pppoe_user\" contains a stack-based buffer overflow vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/2205794866/Tenda/blob/main/AC15/9.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-30376", "datePublished": "2023-04-24T00:00:00", "dateReserved": "2023-04-07T00:00:00", "dateUpdated": "2024-08-02T14:21:44.857Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28556
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:56:15.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-04T15:13:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28556", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. 
The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md", "refsource": "MISC", "url": "https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28556", "datePublished": "2022-05-04T15:13:19", "dateReserved": "2022-04-04T00:00:00", "dateUpdated": "2024-08-03T05:56:15.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202209-1624
Vulnerability from variot
Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat. An out-of-bounds write vulnerability exists in the firmware of the AC15 from Shenzhen Tenda Technology Co., Ltd. As a result, information may be obtained or tampered with, and service operation may be interrupted (DoS). The vulnerability is caused by the fact that the fromAddressNat method does not check the size of the input data. Attackers can exploit the vulnerability to cause remote code execution or denial of service.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1624", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { 
"model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88200" }, { "db": "JVNDB", "id": "JVNDB-2022-017559" }, { "db": "NVD", "id": "CVE-2022-40851" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-40851" } ] }, "cve": "CVE-2022-40851", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 
10.0, "id": "CNVD-2022-88200", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-40851", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-40851", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-88200", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202209-2375", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88200" }, { "db": "JVNDB", "id": "JVNDB-2022-017559" }, { "db": "NVD", "id": "CVE-2022-40851" }, { "db": "CNNVD", "id": "CNNVD-202209-2375" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat. Shenzhen Tenda Technology Co.,Ltd. 
of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the fact that the fromAddressNat method does not check the size of the input data. Attackers can exploit the vulnerability to cause remote code execution or denial of service", "sources": [ { "db": "NVD", "id": "CVE-2022-40851" }, { "db": "JVNDB", "id": "JVNDB-2022-017559" }, { "db": "CNVD", "id": "CNVD-2022-88200" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-40851", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2022-017559", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-88200", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202209-2375", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88200" }, { "db": "JVNDB", "id": "JVNDB-2022-017559" }, { "db": "NVD", "id": "CVE-2022-40851" }, { "db": "CNNVD", "id": "CNNVD-202209-2375" } ] }, "id": "VAR-202209-1624", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-88200" } ], "trust": 1.0924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88200" } ] }, "last_update_date": "2023-12-18T13:59:31.150000Z", "patch": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 fromAddressNat stack overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/372591" }, { "title": "Tenda AC15 Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=208886" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88200" }, { "db": "CNNVD", "id": "CNNVD-202209-2375" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017559" }, { "db": "NVD", "id": "CVE-2022-40851" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://github.com/cpseek/router-vuls/blob/main/tenda/ac15/addressnat.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40851" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-40851/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88200" }, { "db": "JVNDB", "id": "JVNDB-2022-017559" }, { "db": "NVD", "id": "CVE-2022-40851" }, { "db": "CNNVD", "id": "CNNVD-202209-2375" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-88200" }, { "db": "JVNDB", "id": "JVNDB-2022-017559" }, { "db": "NVD", "id": "CVE-2022-40851" }, { "db": "CNNVD", "id": 
"CNNVD-202209-2375" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-17T00:00:00", "db": "CNVD", "id": "CNVD-2022-88200" }, { "date": "2023-10-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-017559" }, { "date": "2022-09-23T15:15:14.360000", "db": "NVD", "id": "CVE-2022-40851" }, { "date": "2022-09-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2375" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-18T00:00:00", "db": "CNVD", "id": "CNVD-2022-88200" }, { "date": "2023-10-13T08:42:00", "db": "JVNDB", "id": "JVNDB-2022-017559" }, { "date": "2022-09-23T20:31:13.293000", "db": "NVD", "id": "CVE-2022-40851" }, { "date": "2022-09-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2375" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2375" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017559" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2375" } ], "trust": 0.6 } }
var-202208-1444
Vulnerability from variot
The httpd server in Tenda AC15 firmware V15.03.05.18 has a stack buffer overflow in /goform/formWifiBasicSet. An out-of-bounds write vulnerability exists in the firmware of the AC15 from Shenzhen Tenda Technology Co.,Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Tenda AC15 has a buffer overflow vulnerability caused by improper bounds checking in the WifiBasicSet function. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202208-1444", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 
firmware 15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.18" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-75823" }, { "db": "JVNDB", "id": "JVNDB-2022-015097" }, { "db": "NVD", "id": "CVE-2022-37175" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-37175" } ] }, "cve": "CVE-2022-37175", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", 
"exploitabilityScore": 10.0, "id": "CNVD-2022-75823", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-37175", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-37175", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-75823", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202208-3607", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-75823" }, { "db": "JVNDB", "id": "JVNDB-2022-015097" }, { "db": "NVD", "id": "CVE-2022-37175" }, { "db": "CNNVD", "id": "CNNVD-202208-3607" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet. Shenzhen Tenda Technology Co.,Ltd. 
of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\r\n\r\nTenda AC15 has a buffer overflow vulnerability caused by improper bounds checking of the WifiBasicSet function. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system", "sources": [ { "db": "NVD", "id": "CVE-2022-37175" }, { "db": "JVNDB", "id": "JVNDB-2022-015097" }, { "db": "CNVD", "id": "CNVD-2022-75823" }, { "db": "VULMON", "id": "CVE-2022-37175" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-37175", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2022-015097", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-75823", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202208-3607", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-37175", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-75823" }, { "db": "VULMON", "id": "CVE-2022-37175" }, { "db": "JVNDB", "id": "JVNDB-2022-015097" }, { "db": "NVD", "id": "CVE-2022-37175" }, { "db": "CNNVD", "id": "CNNVD-202208-3607" } ] }, "id": "VAR-202208-1444", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-75823" } ], "trust": 1.0924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 
0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-75823" } ] }, "last_update_date": "2023-12-18T13:17:14.405000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 Buffer Overflow Vulnerability (CNVD-2022-75823)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/360396" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-75823" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015097" }, { "db": "NVD", "id": "CVE-2022-37175" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://drive.google.com/file/d/16hshichs8j3yafpkqd3xajvuwu_qvbe3/view" }, { "trust": 2.5, "url": "https://www.cnblogs.com/amalll/p/16527552.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-37175" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-37175/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-75823" }, { "db": "VULMON", "id": "CVE-2022-37175" }, { "db": "JVNDB", "id": "JVNDB-2022-015097" }, { "db": "NVD", "id": "CVE-2022-37175" }, { "db": "CNNVD", "id": "CNNVD-202208-3607" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": 
"CNVD", "id": "CNVD-2022-75823" }, { "db": "VULMON", "id": "CVE-2022-37175" }, { "db": "JVNDB", "id": "JVNDB-2022-015097" }, { "db": "NVD", "id": "CVE-2022-37175" }, { "db": "CNNVD", "id": "CNNVD-202208-3607" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-11-10T00:00:00", "db": "CNVD", "id": "CNVD-2022-75823" }, { "date": "2022-08-19T00:00:00", "db": "VULMON", "id": "CVE-2022-37175" }, { "date": "2023-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-015097" }, { "date": "2022-08-19T21:15:09", "db": "NVD", "id": "CVE-2022-37175" }, { "date": "2022-08-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-3607" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-11-10T00:00:00", "db": "CNVD", "id": "CNVD-2022-75823" }, { "date": "2022-08-20T00:00:00", "db": "VULMON", "id": "CVE-2022-37175" }, { "date": "2023-09-25T08:43:00", "db": "JVNDB", "id": "JVNDB-2022-015097" }, { "date": "2022-08-23T19:01:58.540000", "db": "NVD", "id": "CVE-2022-37175" }, { "date": "2022-08-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-3607" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-3607" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-015097" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-3607" } ], "trust": 0.6 } }
var-201711-0630
Vulnerability from variot
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input. Shenzhen Tenda Ac9, Ac15, and Ac18 devices contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Shenzhen Tenda Ac9 and the others are wireless router products of Tenda. App_data_center is one of the application data centers. There is a command injection vulnerability in app_data_center in several Shenzhen Tenda products. The following versions are affected: Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0630", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "us_ac15v1.0br_v15.03.05.18_multi_td01" }, { "model": "ac15", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "us_ac15v1.0br_v15.03.05.19_multi_td01" }, { "model": "ac18", "scope": 
"eq", "trust": 2.4, "vendor": "tenda", "version": "us_ac18v1.0br_v15.03.05.05_multi_td01" }, { "model": "ac9", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "us_ac9v1.0br_v15.03.05.14_multi_td01" }, { "model": "ac9", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "ac9_kf_v15.03.05.19\\(6318_\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "ac18_kf_v15.03.05.19\\(6318_\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac18_kf_v15.03.05.19(6318_)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac9_kf_v15.03.05.19(6318_)_cn" }, { "model": "tenda technology co.,ltd. w15e devices", "scope": null, "trust": 0.6, "vendor": "", "version": null }, { "model": "tenda technology co.,ltd. ac9 us_ac9v1.0br_v15.03.05.14_multi_td01", "scope": null, "trust": 0.6, "vendor": "", "version": null }, { "model": "tenda technology co.,ltd. ac9 ac9_kf_v15.03.05.19 _cn", "scope": null, "trust": 0.6, "vendor": "", "version": null }, { "model": "tenda technology co.,ltd. ac9 ac15 us_ac15v1.0br_v15.03.05.18_multi_td01", "scope": null, "trust": 0.6, "vendor": "", "version": null }, { "model": "tenda technology co.,ltd. ac9 ac15 us_ac15v1.0br_v15.03.05.19_multi_td01", "scope": null, "trust": 0.6, "vendor": "", "version": null }, { "model": "tenda technology co.,ltd. ac9 ac18 us_ac18v1.0br_v15.03.05.05_multi_td01", "scope": null, "trust": 0.6, "vendor": "", "version": null }, { "model": "tenda technology co.,ltd. 
ac9 ac18 ac18_kf_v15.03.05.19 _cn", "scope": null, "trust": 0.6, "vendor": "", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-37811" }, { "db": "JVNDB", "id": "JVNDB-2017-010774" }, { "db": "NVD", "id": "CVE-2017-16923" }, { "db": "CNNVD", "id": "CNNVD-201711-888" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:us_ac9v1.0br_v15.03.05.14_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:ac9_kf_v15.03.05.19\\(6318_\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.18_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], 
"cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:us_ac18v1.0br_v15.03.05.05_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:ac18_kf_v15.03.05.19\\(6318_\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-16923" } ] }, "cve": "CVE-2017-16923", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "impactScore": 10.0, 
"integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 8.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2017-16923", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2017-37811", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "VHN-107894", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": 
"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-16923", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-16923", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-37811", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201711-888", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-107894", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-37811" }, { "db": "VULHUB", "id": "VHN-107894" }, { "db": "JVNDB", "id": "JVNDB-2017-010774" }, { "db": "NVD", "id": "CVE-2017-16923" }, { "db": "CNNVD", "id": "CNNVD-201711-888" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the \"sub_A6E8 usbeject_process_entry\" function executes a system function with untrusted input. 
Shenzhen Tenda Ac9 , Ac15 ,and Ac18 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ShenzhenTendaAc9 and other are the wireless router products of Tenda. App_data_center is one of the application data centers. There is a command injection vulnerability in app_data_center in several ShenzhenTenda products. The following versions are affected: Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01 Version, Ac9 ac9_kf_V15.03.05.19(6318_)_cn Version, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01 Version, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01 Version, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01 version, Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices version", "sources": [ { "db": "NVD", "id": "CVE-2017-16923" }, { "db": "JVNDB", "id": "JVNDB-2017-010774" }, { "db": "CNVD", "id": "CNVD-2017-37811" }, { "db": "VULHUB", "id": "VHN-107894" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-16923", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2017-010774", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201711-888", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2017-37811", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-107894", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-37811" }, { "db": "VULHUB", "id": "VHN-107894" }, { "db": "JVNDB", "id": "JVNDB-2017-010774" }, { "db": "NVD", "id": "CVE-2017-16923" }, { "db": "CNNVD", "id": "CNNVD-201711-888" } ] }, "id": "VAR-201711-0630", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { 
"db": "CNVD", "id": "CNVD-2017-37811" }, { "db": "VULHUB", "id": "VHN-107894" } ], "trust": 1.1473388866666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-37811" } ] }, "last_update_date": "2023-12-18T13:14:06.049000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://tendacn.com/en/default.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010774" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.1 }, { "problemtype": "CWE-77", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-107894" }, { "db": "JVNDB", "id": "JVNDB-2017-010774" }, { "db": "NVD", "id": "CVE-2017-16923" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/iolop/poc/tree/master/router/tenda" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16923" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16923" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-37811" }, { "db": "VULHUB", "id": "VHN-107894" }, { "db": "JVNDB", "id": "JVNDB-2017-010774" }, { "db": 
"NVD", "id": "CVE-2017-16923" }, { "db": "CNNVD", "id": "CNNVD-201711-888" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2017-37811" }, { "db": "VULHUB", "id": "VHN-107894" }, { "db": "JVNDB", "id": "JVNDB-2017-010774" }, { "db": "NVD", "id": "CVE-2017-16923" }, { "db": "CNNVD", "id": "CNNVD-201711-888" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-21T00:00:00", "db": "CNVD", "id": "CNVD-2017-37811" }, { "date": "2017-11-21T00:00:00", "db": "VULHUB", "id": "VHN-107894" }, { "date": "2017-12-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010774" }, { "date": "2017-11-21T14:29:00.260000", "db": "NVD", "id": "CVE-2017-16923" }, { "date": "2017-11-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-888" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-21T00:00:00", "db": "CNVD", "id": "CNVD-2017-37811" }, { "date": "2019-10-03T00:00:00", "db": "VULHUB", "id": "VHN-107894" }, { "date": "2017-12-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010774" }, { "date": "2019-10-03T00:03:26.223000", "db": "NVD", "id": "CVE-2017-16923" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-888" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-888" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Shenzhen Tenda 
Command injection vulnerability in devices", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010774" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "operating system command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-888" } ], "trust": 0.6 } }
var-202403-0901
Vulnerability from variot
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi (the affected-products list in the record below gives the second version as 15.03.05.20_multi). This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. AC15. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0901", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.20 multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003044" }, { "db": "NVD", "id": "CVE-2024-2807" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2807" } ] }, "cve": "CVE-2024-2807", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2807", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2807", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": 
"CVE-2024-2807", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003044" }, { "db": "NVD", "id": "CVE-2024-2807" }, { "db": "NVD", "id": "CVE-2024-2807" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2024-2807" }, { "db": "JVNDB", "id": "JVNDB-2024-003044" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2807", "trust": 2.6 }, { "db": "VULDB", "id": "257662", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003044", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003044" }, { "db": "NVD", "id": "CVE-2024-2807" } ] }, "id": "VAR-202403-0901", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T23:11:01.725000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003044" }, { "db": "NVD", "id": "CVE-2024-2807" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/formexpanddlnafile.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257662" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257662" }, { "trust": 0.8, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2024-2807" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003044" }, { "db": "NVD", "id": "CVE-2024-2807" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003044" }, { "db": "NVD", "id": "CVE-2024-2807" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003044" }, { "date": "2024-03-22T05:15:48.807000", "db": "NVD", "id": "CVE-2024-2807" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T01:30:00", "db": "JVNDB", "id": "JVNDB-2024-003044" }, { "date": "2024-05-17T02:38:31.100000", "db": "NVD", "id": "CVE-2024-2807" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Stack-based buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003044" } ], "trust": 0.8 } }
var-201809-0930
Vulnerability from variot
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is passed directly to a sprintf call that writes into a local variable on the stack, which overwrites the return address of the function, causing a buffer overflow. Multiple Tenda products contain a buffer error vulnerability that may result in service operation being interrupted (DoS). Tenda AC7, etc. are all wireless router products of China Tenda. An attacker can use this vulnerability to cause a denial of service. The following products and versions are affected: Tenda AC7 15.03.06.44_CN; AC9 15.03.05.19(6318)_CN; AC10 15.03.06.23_CN; AC15 15.03.05.19_CN; AC18 15.03.05.19(6318)_CN.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0930", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac9", "scope": "eq", "trust": 1.6, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac10", "scope": "eq", "trust": 1.6, "vendor": "tendacn", "version": "15.03.06.23" }, { "model": "ac15", "scope": "eq", "trust": 1.6, "vendor": "tendacn", 
"version": "15.03.05.19" }, { "model": "ac7", "scope": "eq", "trust": 1.6, "vendor": "tendacn", "version": "15.03.06.44" }, { "model": "ac18", "scope": "lte", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac10", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.06.23_cn" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac7", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.06.44_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac9 15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac7 15.03.06.44 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac10 15.03.06.23 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15 15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18 15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18", "scope": "eq", "trust": 0.6, "vendor": "tendacn", "version": "15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-35175" }, { "db": "JVNDB", "id": "JVNDB-2018-009403" }, { "db": "NVD", "id": "CVE-2018-16333" }, { "db": "CNNVD", "id": "CNNVD-201809-036" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.03.05.19", "vulnerable": true } 
], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-16333" } ] }, "cve": "CVE-2018-16333", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16333", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2020-35175", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": 
"VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-126682", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16333", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-16333", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2020-35175", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201809-036", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-126682", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-16333", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-35175" }, { "db": "VULHUB", "id": "VHN-126682" }, { "db": "VULMON", "id": "CVE-2018-16333" }, { "db": "JVNDB", "id": "JVNDB-2018-009403" }, { "db": "NVD", "id": "CVE-2018-16333" }, { "db": "CNNVD", "id": "CNNVD-201809-036" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. plural Tenda Product Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Tenda AC7, etc. are all wireless router products of China Tenda. An attacker can use this vulnerability to cause a denial of service. The following products and versions are affected: Tenda AC7 15.03.06.44_CN Version; AC9 15.03.05.19(6318)_CN Version; AC10 15.03.06.23_CN Version; AC15 15.03.05.19_CN Version; AC18 15.03.05.19(6318)_CN Version", "sources": [ { "db": "NVD", "id": "CVE-2018-16333" }, { "db": "JVNDB", "id": "JVNDB-2018-009403" }, { "db": "CNVD", "id": "CNVD-2020-35175" }, { "db": "VULHUB", "id": "VHN-126682" }, { "db": "VULMON", "id": "CVE-2018-16333" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16333", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2018-009403", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201809-036", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-35175", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-126682", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-16333", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-35175" }, { "db": "VULHUB", "id": "VHN-126682" }, { "db": "VULMON", "id": "CVE-2018-16333" 
}, { "db": "JVNDB", "id": "JVNDB-2018-009403" }, { "db": "NVD", "id": "CVE-2018-16333" }, { "db": "CNNVD", "id": "CNNVD-201809-036" } ] }, "id": "VAR-201809-0930", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-35175" }, { "db": "VULHUB", "id": "VHN-126682" } ], "trust": 1.4927520825 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-35175" } ] }, "last_update_date": "2023-12-18T13:13:40.492000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" }, { "title": "", "trust": 0.1, "url": "https://github.com/kal1x/iotvulhub " }, { "title": "Routers", "trust": 0.1, "url": "https://github.com/zillr0/routers " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-16333" }, { "db": "JVNDB", "id": "JVNDB-2018-009403" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-126682" }, { "db": "JVNDB", "id": "JVNDB-2018-009403" }, { "db": "NVD", "id": "CVE-2018-16333" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://github.com/zillr0/routers/blob/master/tenda/oob1.md" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16333" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16333" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/kal1x/iotvulhub" }, { "trust": 0.1, "url": "https://github.com/zillr0/routers" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-35175" }, { "db": "VULHUB", "id": "VHN-126682" }, { "db": "VULMON", "id": "CVE-2018-16333" }, { "db": "JVNDB", "id": "JVNDB-2018-009403" }, { "db": "NVD", "id": "CVE-2018-16333" }, { "db": "CNNVD", "id": "CNNVD-201809-036" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-35175" }, { "db": "VULHUB", "id": "VHN-126682" }, { "db": "VULMON", "id": "CVE-2018-16333" }, { "db": "JVNDB", "id": "JVNDB-2018-009403" }, { "db": "NVD", "id": "CVE-2018-16333" }, { "db": "CNNVD", "id": "CNNVD-201809-036" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-30T00:00:00", "db": "CNVD", "id": "CNVD-2020-35175" }, { "date": "2018-09-02T00:00:00", "db": "VULHUB", "id": "VHN-126682" }, { "date": "2018-09-02T00:00:00", "db": "VULMON", "id": "CVE-2018-16333" }, { "date": "2018-11-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009403" }, { "date": "2018-09-02T03:29:00.620000", "db": "NVD", "id": "CVE-2018-16333" }, { "date": "2018-09-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201809-036" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", 
"data": { "@container": "@list" } }, "data": [ { "date": "2020-06-30T00:00:00", "db": "CNVD", "id": "CNVD-2020-35175" }, { "date": "2018-10-25T00:00:00", "db": "VULHUB", "id": "VHN-126682" }, { "date": "2018-10-25T00:00:00", "db": "VULMON", "id": "CVE-2018-16333" }, { "date": "2018-11-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009403" }, { "date": "2018-10-25T15:40:03.707000", "db": "NVD", "id": "CVE-2018-16333" }, { "date": "2018-09-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201809-036" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201809-036" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009403" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201809-036" } ], "trust": 0.6 } }
var-202209-1328
Vulnerability from variot
Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile. The Tenda AC15 and AC18 firmware contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1328", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac18", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19_multi" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19_multi" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": 
"tenda", "version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017012" }, { "db": "NVD", "id": "CVE-2022-38325" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.19_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:15.03.05.19_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-38325" } ] }, "cve": "CVE-2022-38325", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-38325", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-38325", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202209-1161", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017012" }, { "db": "NVD", "id": "CVE-2022-38325" }, { "db": "CNNVD", "id": "CNNVD-202209-1161" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile. Tenda of AC15 firmware and AC18 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-38325" }, { "db": "JVNDB", "id": "JVNDB-2022-017012" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-38325", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2022-017012", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202209-1161", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017012" }, { "db": "NVD", "id": "CVE-2022-38325" }, { "db": "CNNVD", "id": "CNNVD-202209-1161" } ] }, "id": "VAR-202209-1328", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4468542 }, "last_update_date": "2023-12-18T13:46:26.650000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Tenda AC15 Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=208308" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-1161" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.0 }, { "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017012" }, { "db": "NVD", "id": "CVE-2022-38325" } ] }, "references": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://github.com/1160300418/vuls/blob/main/tenda/ac/vul_expanddlnafile.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38325" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-38325/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017012" }, { "db": "NVD", "id": "CVE-2022-38325" }, { "db": "CNNVD", "id": "CNNVD-202209-1161" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-017012" }, { "db": "NVD", "id": "CVE-2022-38325" }, { "db": "CNNVD", "id": "CNNVD-202209-1161" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-10-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-017012" }, { "date": "2022-09-15T20:15:09.537000", "db": "NVD", "id": "CVE-2022-38325" }, { "date": "2022-09-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-1161" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-10-10T08:20:00", "db": "JVNDB", "id": "JVNDB-2022-017012" }, { "date": "2022-09-19T17:59:04.363000", "db": "NVD", "id": "CVE-2022-38325" }, { "date": "2022-09-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-1161" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-1161" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda\u00a0 of \u00a0AC15\u00a0 firmware and \u00a0AC18\u00a0 Classic buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017012" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-1161" } ], "trust": 0.6 } }
var-202209-1578
Vulnerability from variot
Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set. An out-of-bounds write vulnerability exists in the Tenda AC15 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC15 is a wireless router made by the Chinese company Tenda. The vulnerability arises because the size of the input data in the list parameter of the fast_setting_wifi_set function is not checked. Attackers can exploit the vulnerability to cause remote code execution or denial of service.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1578", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.19" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": 
"tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88198" }, { "db": "JVNDB", "id": "JVNDB-2022-017558" }, { "db": "NVD", "id": "CVE-2022-40853" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-40853" } ] }, "cve": "CVE-2022-40853", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", 
"exploitabilityScore": 10.0, "id": "CNVD-2022-88198", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-40853", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-40853", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-88198", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202209-2395", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88198" }, { "db": "JVNDB", "id": "JVNDB-2022-017558" }, { "db": "NVD", "id": "CVE-2022-40853" }, { "db": "CNNVD", "id": "CNNVD-202209-2395" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set. 
Tenda of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC15 is a wireless router made by China Tenda Company. The vulnerability comes from the fact that the list parameter of the fast_setting_wifi_set function does not check the size of the input data. Attackers can exploit the vulnerability to cause remote code execution or denial of service", "sources": [ { "db": "NVD", "id": "CVE-2022-40853" }, { "db": "JVNDB", "id": "JVNDB-2022-017558" }, { "db": "CNVD", "id": "CNVD-2022-88198" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-40853", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2022-017558", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-88198", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202209-2395", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88198" }, { "db": "JVNDB", "id": "JVNDB-2022-017558" }, { "db": "NVD", "id": "CVE-2022-40853" }, { "db": "CNNVD", "id": "CNNVD-202209-2395" } ] }, "id": "VAR-202209-1578", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-88198" } ], "trust": 1.0924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88198" } ] }, 
"last_update_date": "2023-12-18T11:55:37.580000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 fast_setting_wifi_set stack overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/372546" }, { "title": "Tenda AC15 Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=208897" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88198" }, { "db": "CNNVD", "id": "CNNVD-202209-2395" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017558" }, { "db": "NVD", "id": "CVE-2022-40853" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://github.com/cpseek/router-vuls/blob/main/tenda/ac15/form_fast_setting_wifi_set.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40853" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-40853/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88198" }, { "db": "JVNDB", "id": "JVNDB-2022-017558" }, { "db": "NVD", "id": "CVE-2022-40853" }, { "db": "CNNVD", "id": "CNNVD-202209-2395" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-88198" }, { 
"db": "JVNDB", "id": "JVNDB-2022-017558" }, { "db": "NVD", "id": "CVE-2022-40853" }, { "db": "CNNVD", "id": "CNNVD-202209-2395" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-17T00:00:00", "db": "CNVD", "id": "CNVD-2022-88198" }, { "date": "2023-10-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-017558" }, { "date": "2022-09-23T14:15:13.177000", "db": "NVD", "id": "CVE-2022-40853" }, { "date": "2022-09-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2395" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-18T00:00:00", "db": "CNVD", "id": "CNVD-2022-88198" }, { "date": "2023-10-13T08:42:00", "db": "JVNDB", "id": "JVNDB-2022-017558" }, { "date": "2022-09-23T20:28:59.397000", "db": "NVD", "id": "CVE-2022-40853" }, { "date": "2022-09-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2395" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2395" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017558" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2395" } ], "trust": 0.6 } }
var-202209-1754
Vulnerability from variot
Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/. An out-of-bounds write vulnerability exists in the Tenda AC15 and AC18 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Both the Tenda AC15 and Tenda AC18 are products of the Chinese company Tenda. Tenda AC15 is a wireless router. Tenda AC18 is a router. The vulnerability stems from the fact that the setSchedWifi method does not check the size of the input data when handling a request to /goform/openSchedWifi/. Attackers can exploit the vulnerability to cause remote code execution or denial of service.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1754", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac18", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac18", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88196" }, { "db": "JVNDB", "id": "JVNDB-2022-017554" }, { "db": "NVD", "id": "CVE-2022-40865" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-40865" } ] }, "cve": "CVE-2022-40865", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2022-88196", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-40865", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-40865", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-88196", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202209-2389", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88196" }, { "db": "JVNDB", "id": "JVNDB-2022-017554" }, { "db": "NVD", "id": "CVE-2022-40865" }, { "db": 
"CNNVD", "id": "CNNVD-202209-2389" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/. Tenda of AC15 firmware and AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both the Tenda AC15 and Tenda AC18 are products of the Chinese company Tenda. Tenda AC15 is a wireless router. Tenda AC18 is a router. The vulnerability stems from the fact that the setSchedWifi method does not check the size of the input data when there is a request /goform/openSchedWifi/. Attackers can exploit the vulnerability to cause remote code execution or rejection Serve", "sources": [ { "db": "NVD", "id": "CVE-2022-40865" }, { "db": "JVNDB", "id": "JVNDB-2022-017554" }, { "db": "CNVD", "id": "CNVD-2022-88196" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-40865", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2022-017554", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-88196", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202209-2389", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88196" }, { "db": "JVNDB", "id": "JVNDB-2022-017554" }, { "db": "NVD", "id": "CVE-2022-40865" }, { "db": "CNNVD", "id": "CNNVD-202209-2389" } ] }, "id": "VAR-202209-1754", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-88196" } ], "trust": 1.0468541999999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88196" } ] }, "last_update_date": "2023-12-18T13:22:11.378000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 and AC18 setSchedWifi heap overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/372506" }, { "title": "Tenda AC15 Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=208892" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88196" }, { "db": "CNNVD", "id": "CNNVD-202209-2389" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017554" }, { "db": "NVD", "id": "CVE-2022-40865" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://github.com/cpseek/router-vuls/blob/main/tenda/ac15/setschedwifi.md" }, { 
"trust": 2.4, "url": "https://github.com/cpseek/router-vuls/blob/main/tenda/ac18/setschedwifi.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40865" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-40865/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88196" }, { "db": "JVNDB", "id": "JVNDB-2022-017554" }, { "db": "NVD", "id": "CVE-2022-40865" }, { "db": "CNNVD", "id": "CNNVD-202209-2389" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-88196" }, { "db": "JVNDB", "id": "JVNDB-2022-017554" }, { "db": "NVD", "id": "CVE-2022-40865" }, { "db": "CNNVD", "id": "CNNVD-202209-2389" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-88196" }, { "date": "2023-10-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-017554" }, { "date": "2022-09-23T14:15:13.347000", "db": "NVD", "id": "CVE-2022-40865" }, { "date": "2022-09-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2389" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-18T00:00:00", "db": "CNVD", "id": "CNVD-2022-88196" }, { "date": "2023-10-13T08:42:00", "db": "JVNDB", "id": "JVNDB-2022-017554" }, { "date": "2022-09-23T20:22:48.883000", "db": "NVD", "id": "CVE-2022-40865" }, { "date": "2022-09-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2389" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2389" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda\u00a0 of \u00a0AC15\u00a0 firmware and \u00a0AC18\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017554" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2389" } ], "trust": 0.6 } }
var-202211-1419
Vulnerability from variot
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetPPTPServer. Tenda AC15 is a wireless router made by China Tenda Company. The vulnerability is due to the fact that its formSetPPTPServer function does not check the length of the input data. Attackers can use the vulnerability to launch a denial of service attack.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1419", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.18" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87023" }, { "db": "NVD", "id": 
"CVE-2022-44167" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-44167" } ] }, "cve": "CVE-2022-44167", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2022-87023", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": 
"HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-44167", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-87023", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-3224", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87023" }, { "db": "NVD", "id": "CVE-2022-44167" }, { "db": "CNNVD", "id": "CNNVD-202211-3224" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer. Tenda AC15 is a wireless router made by China Tenda Company. The vulnerability is due to the fact that its formSetPPTPServer function does not check the length of the input data. 
Attackers can use the vulnerability to launch a denial of service attack", "sources": [ { "db": "NVD", "id": "CVE-2022-44167" }, { "db": "CNVD", "id": "CNVD-2022-87023" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-44167", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2022-87023", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202211-3224", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87023" }, { "db": "NVD", "id": "CVE-2022-44167" }, { "db": "CNNVD", "id": "CNNVD-202211-3224" } ] }, "id": "VAR-202211-1419", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-87023" } ], "trust": 1.0924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87023" } ] }, "last_update_date": "2023-12-18T13:11:45.453000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-44167" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://drive.google.com/file/d/1jq8tm_2fds4wdd_afdhg1lna3vcvzdjs/view?usp=sharing" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-44167/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87023" }, { "db": "NVD", "id": "CVE-2022-44167" }, { "db": "CNNVD", "id": "CNNVD-202211-3224" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-87023" }, { "db": "NVD", "id": "CVE-2022-44167" }, { "db": "CNNVD", "id": "CNNVD-202211-3224" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-08T00:00:00", "db": "CNVD", "id": "CNVD-2022-87023" }, { "date": "2022-11-21T15:15:10.720000", "db": "NVD", "id": "CVE-2022-44167" }, { "date": "2022-11-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-3224" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-12T00:00:00", "db": "CNVD", "id": "CNVD-2022-87023" }, { "date": "2022-11-21T20:32:31.667000", "db": "NVD", "id": "CVE-2022-44167" }, { "date": "2022-11-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-3224" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-3224" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 formSetPPTPServer function buffer overflow vulnerability", "sources": [ { "db": "CNVD", 
"id": "CNVD-2022-87023" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-3224" } ], "trust": 0.6 } }
var-202403-0813
Vulnerability from variot
A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0813", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 
firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003034" }, { "db": "NVD", "id": "CVE-2024-2817" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2817" } ] }, "cve": "CVE-2024-2817", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "cna@vuldb.com", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, 
"obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2024-2817", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2817", "trust": 1.8, "value": "MEDIUM" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2817", "trust": 1.0, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003034" }, { "db": "NVD", "id": "CVE-2024-2817" }, { "db": "NVD", "id": "CVE-2024-2817" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd", "sources": [ { "db": "NVD", "id": "CVE-2024-2817" }, { "db": "JVNDB", "id": "JVNDB-2024-003034" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2817", "trust": 2.6 }, { "db": "VULDB", "id": "257672", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003034", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003034" }, { "db": "NVD", "id": "CVE-2024-2817" } ] }, "id": "VAR-202403-0813", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T22:45:50.993000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.0 }, { "problemtype": "Cross-site request forgery (CWE-352) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003034" }, { "db": "NVD", "id": 
"CVE-2024-2817" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v15.03.05.18/fromsystoolrestoreset.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257672" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257672" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2817" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003034" }, { "db": "NVD", "id": "CVE-2024-2817" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003034" }, { "db": "NVD", "id": "CVE-2024-2817" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003034" }, { "date": "2024-03-22T08:15:10.257000", "db": "NVD", "id": "CVE-2024-2817" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:56:00", "db": "JVNDB", "id": "JVNDB-2024-003034" }, { "date": "2024-05-17T02:38:32.210000", "db": "NVD", "id": "CVE-2024-2817" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Cross-site request forgery vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003034" } ], "trust": 0.8 } }
var-202211-1423
Vulnerability from variot
Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. Tenda AC15 is a wireless router made by China Tenda Company. The vulnerability comes from the fact that its formSetIpMacBind function does not check the length of the input data. Attackers can use the vulnerability to launch a denial of service attack
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1423", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87022" }, { "db": "NVD", "id": 
"CVE-2022-44156" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-44156" } ] }, "cve": "CVE-2022-44156", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2022-87022", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, 
"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-44156", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-87022", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-3203", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87022" }, { "db": "NVD", "id": "CVE-2022-44156" }, { "db": "CNNVD", "id": "CNNVD-202211-3203" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. Tenda AC15 is a wireless router made by China Tenda Company. The vulnerability comes from the fact that its formSetIpMacBind function does not check the length of the input data. 
Attackers can use the vulnerability to launch a denial of service attack", "sources": [ { "db": "NVD", "id": "CVE-2022-44156" }, { "db": "CNVD", "id": "CNVD-2022-87022" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-44156", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2022-87022", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202211-3203", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87022" }, { "db": "NVD", "id": "CVE-2022-44156" }, { "db": "CNNVD", "id": "CNNVD-202211-3203" } ] }, "id": "VAR-202211-1423", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-87022" } ], "trust": 1.0924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87022" } ] }, "last_update_date": "2023-12-18T13:36:36.213000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-44156" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://drive.google.com/file/d/1dbmwbyl40uqmisv_doew8pfjrhgx-j97/view?usp=sharing" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-44156/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87022" }, { "db": "NVD", "id": "CVE-2022-44156" }, { "db": "CNNVD", "id": "CNNVD-202211-3203" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-87022" }, { "db": "NVD", "id": "CVE-2022-44156" }, { "db": "CNNVD", "id": "CNNVD-202211-3203" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-08T00:00:00", "db": "CNVD", "id": "CNVD-2022-87022" }, { "date": "2022-11-21T16:15:25.803000", "db": "NVD", "id": "CVE-2022-44156" }, { "date": "2022-11-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-3203" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-12T00:00:00", "db": "CNVD", "id": "CNVD-2022-87022" }, { "date": "2022-11-22T01:07:45.960000", "db": "NVD", "id": "CVE-2022-44156" }, { "date": "2022-11-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-3203" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-3203" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 formSetIpMacBind function buffer overflow vulnerability", "sources": [ { "db": "CNVD", 
"id": "CNVD-2022-87022" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-3203" } ], "trust": 0.6 } }
var-202007-0064
Vulnerability from variot
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Tenda AC15 AC1900 contains an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC15 AC1900 is a wireless router made by the Chinese company Tenda.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0064", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.8, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15 ac1900", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41513" }, { "db": 
"JVNDB", "id": "JVNDB-2020-007726" }, { "db": "NVD", "id": "CVE-2020-10987" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10987" } ] }, "cve": "CVE-2020-10987", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2020-007726", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2020-41513", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2020-10987", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", 
"attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-007726", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10987", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-007726", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-41513", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-564", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2020-10987", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41513" }, { "db": "VULMON", "id": "CVE-2020-10987" }, { "db": "JVNDB", "id": "JVNDB-2020-007726" }, { "db": "NVD", "id": "CVE-2020-10987" }, { "db": "CNNVD", "id": "CNNVD-202007-564" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Tenda AC15 AC1900 There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. 
Tenda AC15 AC1900 is a wireless router of China Tenda (Tenda) company", "sources": [ { "db": "NVD", "id": "CVE-2020-10987" }, { "db": "JVNDB", "id": "JVNDB-2020-007726" }, { "db": "CNVD", "id": "CNVD-2020-41513" }, { "db": "VULMON", "id": "CVE-2020-10987" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10987", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2020-007726", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-41513", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48170", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-564", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-10987", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41513" }, { "db": "VULMON", "id": "CVE-2020-10987" }, { "db": "JVNDB", "id": "JVNDB-2020-007726" }, { "db": "NVD", "id": "CVE-2020-10987" }, { "db": "CNNVD", "id": "CNNVD-202007-564" } ] }, "id": "VAR-202007-0064", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-41513" } ], "trust": 1.3462292 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41513" } ] }, "last_update_date": "2023-12-18T13:23:12.252000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.tenda.cz/" }, { "title": "", "trust": 0.1, "url": "https://github.com/20142995/goby " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/gitpaste-12-worm-widens-exploits/162290/" }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/gitpaste-12-worm-linux-servers-iot-devices/161016/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-10987" }, { "db": "JVNDB", "id": "JVNDB-2020-007726" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.0 }, { "problemtype": "CWE-74", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007726" }, { "db": "NVD", "id": "CVE-2020-10987" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10987" }, { "trust": 1.7, "url": "https://www.ise.io/research/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10987" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48170" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/78.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://threatpost.com/gitpaste-12-worm-widens-exploits/162290/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41513" }, { "db": "VULMON", "id": "CVE-2020-10987" }, { "db": "JVNDB", "id": "JVNDB-2020-007726" }, { "db": "NVD", "id": 
"CVE-2020-10987" }, { "db": "CNNVD", "id": "CNNVD-202007-564" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-41513" }, { "db": "VULMON", "id": "CVE-2020-10987" }, { "db": "JVNDB", "id": "JVNDB-2020-007726" }, { "db": "NVD", "id": "CVE-2020-10987" }, { "db": "CNNVD", "id": "CNNVD-202007-564" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-22T00:00:00", "db": "CNVD", "id": "CNVD-2020-41513" }, { "date": "2020-07-13T00:00:00", "db": "VULMON", "id": "CVE-2020-10987" }, { "date": "2020-08-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007726" }, { "date": "2020-07-13T19:15:12.207000", "db": "NVD", "id": "CVE-2020-10987" }, { "date": "2020-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-564" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-22T00:00:00", "db": "CNVD", "id": "CNVD-2020-41513" }, { "date": "2021-07-21T00:00:00", "db": "VULMON", "id": "CVE-2020-10987" }, { "date": "2020-08-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007726" }, { "date": "2021-07-21T11:39:23.747000", "db": "NVD", "id": "CVE-2020-10987" }, { "date": "2020-08-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-564" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-564" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 AC1900 Injection 
vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007726" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-564" } ], "trust": 0.6 } }
var-202403-0920
Vulnerability from variot
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The AC15 firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Note that the structured record below lists the affected firmware versions as 15.03.05.18 and 15.03.05.20_multi, and gives CVSS v3.1 scores of 6.3 (MEDIUM, cna@vuldb.com) and 8.8 (HIGH, NVD), both with low privileges required.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0920", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.20 multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003039" }, { "db": "NVD", "id": "CVE-2024-2812" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2812" } ] }, "cve": "CVE-2024-2812", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2812", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2812", "trust": 1.8, "value": "HIGH" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2812", 
"trust": 1.0, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003039" }, { "db": "NVD", "id": "CVE-2024-2812" }, { "db": "NVD", "id": "CVE-2024-2812" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of AC15 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2024-2812" }, { "db": "JVNDB", "id": "JVNDB-2024-003039" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2812", "trust": 2.6 }, { "db": "VULDB", "id": "257667", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003039", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003039" }, { "db": "NVD", "id": "CVE-2024-2812" } ] }, "id": "VAR-202403-0920", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T23:09:38.068000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.0 }, { "problemtype": "OS Command injection (CWE-78) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003039" }, { "db": "NVD", "id": "CVE-2024-2812" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/formwritefacmac.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257667" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257667" }, { "trust": 0.8, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2024-2812" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003039" }, { "db": "NVD", "id": "CVE-2024-2812" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003039" }, { "db": "NVD", "id": "CVE-2024-2812" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003039" }, { "date": "2024-03-22T07:15:46.283000", "db": "NVD", "id": "CVE-2024-2812" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T01:20:00", "db": "JVNDB", "id": "JVNDB-2024-003039" }, { "date": "2024-05-17T02:38:31.660000", "db": "NVD", "id": "CVE-2024-2812" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003039" } ], "trust": 0.8 } }
var-202005-0455
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server, httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Multiple Tenda devices contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC9 and the other listed models are wireless routers made by Tenda of China.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0455", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac6", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac18", "scope": "eq", "trust": 1.0, 
"vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.06.42_multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "v1.0 15.03.05.19_multi_td01" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318_)_cn" }, { "model": "ac6", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "v1.0 15.03.05.19_multi_td01" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "v1.0 15.03.05.19(6318)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "v3.0 15.03.06.42_multi" }, { "model": "ac6 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac9", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0v15.03.05.19(6318)" }, { "model": "ac9 v15.03.06.42 multi", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v3.0" }, { "model": "ac15 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac18", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19(6318)" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31386" }, { "db": "JVNDB", "id": "JVNDB-2020-005757" }, { "db": "NVD", "id": "CVE-2020-13389" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": 
[], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-13389" } ] }, "cve": "CVE-2020-13389", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005757", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-31386", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", 
"authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-13389", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005757", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-13389", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-005757", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-31386", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202005-1139", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2020-13389", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31386" }, { "db": "VULMON", "id": "CVE-2020-13389" }, { "db": "JVNDB", "id": "JVNDB-2020-005757" }, { "db": "NVD", "id": "CVE-2020-13389" }, { "db": "CNNVD", 
"id": "CNNVD-202005-1139" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. 
Tenda AC9 and others are all wireless routers of China Tenda", "sources": [ { "db": "NVD", "id": "CVE-2020-13389" }, { "db": "JVNDB", "id": "JVNDB-2020-005757" }, { "db": "CNVD", "id": "CNVD-2020-31386" }, { "db": "VULMON", "id": "CVE-2020-13389" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-13389", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2020-005757", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-31386", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202005-1139", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-13389", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31386" }, { "db": "VULMON", "id": "CVE-2020-13389" }, { "db": "JVNDB", "id": "JVNDB-2020-005757" }, { "db": "NVD", "id": "CVE-2020-13389" }, { "db": "CNNVD", "id": "CNNVD-202005-1139" } ] }, "id": "VAR-202005-0455", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-31386" } ], "trust": 1.3236694433333334 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31386" } ] }, "last_update_date": "2023-12-18T13:51:54.581000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { 
"title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005757" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005757" }, { "db": "NVD", "id": "CVE-2020-13389" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-tenda-vulnerability/" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13389" }, { "trust": 1.7, "url": "https://joel-malwarebenchmark.github.io" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13389" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/120.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31386" }, { "db": "VULMON", "id": "CVE-2020-13389" }, { "db": "JVNDB", "id": "JVNDB-2020-005757" }, { "db": "NVD", "id": "CVE-2020-13389" }, { "db": "CNNVD", "id": "CNNVD-202005-1139" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-31386" }, { "db": "VULMON", "id": "CVE-2020-13389" }, { "db": "JVNDB", "id": "JVNDB-2020-005757" }, { "db": "NVD", "id": "CVE-2020-13389" }, { "db": "CNNVD", "id": "CNNVD-202005-1139" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": 
"CNVD", "id": "CNVD-2020-31386" }, { "date": "2020-05-22T00:00:00", "db": "VULMON", "id": "CVE-2020-13389" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005757" }, { "date": "2020-05-22T17:15:11.033000", "db": "NVD", "id": "CVE-2020-13389" }, { "date": "2020-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1139" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": "CNVD", "id": "CNVD-2020-31386" }, { "date": "2020-05-27T00:00:00", "db": "VULMON", "id": "CVE-2020-13389" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005757" }, { "date": "2020-05-27T20:27:38.843000", "db": "NVD", "id": "CVE-2020-13389" }, { "date": "2020-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1139" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1139" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Classic buffer overflow vulnerability in device", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005757" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1139" } ], "trust": 0.6 } }
var-202403-0912
Vulnerability from variot
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The AC15 firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. The record below lists two CVSS v3.1 ratings for this issue: 6.3 (MEDIUM, privileges required: low) from cna@vuldb.com and 9.8 (CRITICAL, no privileges required) from NVD.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0912", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": 
null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.20 multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003032" }, { "db": "NVD", "id": "CVE-2024-2851" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2851" } ] }, "cve": "CVE-2024-2851", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, 
"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2851", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2851", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2851", 
"trust": 1.0, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003032" }, { "db": "NVD", "id": "CVE-2024-2851" }, { "db": "NVD", "id": "CVE-2024-2851" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of AC15 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2024-2851" }, { "db": "JVNDB", "id": "JVNDB-2024-003032" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2851", "trust": 2.6 }, { "db": "VULDB", "id": "257775", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003032", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003032" }, { "db": "NVD", "id": "CVE-2024-2851" } ] }, "id": "VAR-202403-0912", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T23:03:49.974000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.0 }, { "problemtype": "OS Command injection (CWE-78) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003032" }, { "db": "NVD", "id": "CVE-2024-2851" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v15.03.05.18/formsetsambaconf.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257775" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257775" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2851" 
} ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003032" }, { "db": "NVD", "id": "CVE-2024-2851" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003032" }, { "db": "NVD", "id": "CVE-2024-2851" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003032" }, { "date": "2024-03-24T03:15:09.177000", "db": "NVD", "id": "CVE-2024-2851" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:56:00", "db": "JVNDB", "id": "JVNDB-2024-003032" }, { "date": "2024-05-17T02:38:34.107000", "db": "NVD", "id": "CVE-2024-2851" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003032" } ], "trust": 0.8 } }
var-202005-0459
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Multiple Tenda devices contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Tenda AC9 and the other listed devices are all wireless routers from the Chinese vendor Tenda.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0459", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac6", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac18", "scope": "eq", "trust": 1.0, 
"vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.06.42_multi" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac6", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac9", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac6 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac9 v15.03.06.42 multi", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v3.0" }, { "model": "ac15 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac9 v15.03.05.19 cn", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac18 ) cn", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19(6318" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31408" }, { "db": "JVNDB", "id": "JVNDB-2020-005747" }, { "db": "NVD", "id": "CVE-2020-13393" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-13393" } ] }, "cve": "CVE-2020-13393", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005747", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-31408", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005747", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-13393", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-005747", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-31408", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202005-1143", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31408" }, { "db": "JVNDB", "id": "JVNDB-2020-005747" }, { "db": "NVD", "id": "CVE-2020-13393" }, { "db": "CNNVD", "id": "CNNVD-202005-1143" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. 
An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda", "sources": [ { "db": "NVD", "id": "CVE-2020-13393" }, { "db": "JVNDB", "id": "JVNDB-2020-005747" }, { "db": "CNVD", "id": "CNVD-2020-31408" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-13393", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2020-005747", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-31408", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202005-1143", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31408" }, { "db": "JVNDB", "id": "JVNDB-2020-005747" }, { "db": "NVD", "id": "CVE-2020-13393" }, { "db": "CNNVD", "id": "CNNVD-202005-1143" } ] }, "id": "VAR-202005-0459", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-31408" } ], "trust": 1.3927520825 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31408" } ] }, "last_update_date": "2023-12-18T13:56:14.645000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": 
"@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://tendacn.com/en" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005747" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005747" }, { "db": "NVD", "id": "CVE-2020-13393" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-tenda-vulnerability/" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13393" }, { "trust": 1.0, "url": "https://joel-malwarebenchmark.github.io" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13393" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31408" }, { "db": "JVNDB", "id": "JVNDB-2020-005747" }, { "db": "NVD", "id": "CVE-2020-13393" }, { "db": "CNNVD", "id": "CNNVD-202005-1143" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-31408" }, { "db": "JVNDB", "id": "JVNDB-2020-005747" }, { "db": "NVD", "id": "CVE-2020-13393" }, { "db": "CNNVD", "id": "CNNVD-202005-1143" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": "CNVD", "id": "CNVD-2020-31408" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": 
"JVNDB-2020-005747" }, { "date": "2020-05-22T17:15:11.300000", "db": "NVD", "id": "CVE-2020-13393" }, { "date": "2020-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1143" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": "CNVD", "id": "CNVD-2020-31408" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005747" }, { "date": "2020-05-27T19:42:29.323000", "db": "NVD", "id": "CVE-2020-13393" }, { "date": "2020-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1143" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1143" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Classic buffer overflow vulnerability in device", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005747" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1143" } ], "trust": 0.6 } }
var-202403-0930
Vulnerability from variot
A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A stack-based buffer overflow vulnerability exists in the firmware of the AC15 from Shenzhen Tenda Technology Co.,Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Note that the structured record below lists the affected firmware as 15.03.05.18 and 15.03.05.20_multi, and that its two CVSS v3.1 scores differ on required privileges: 8.8 (PR:L) from cna@vuldb.com and 9.8 (PR:N) from NVD.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0930", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.20 multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003043" }, { "db": "NVD", "id": "CVE-2024-2808" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2808" } ] }, "cve": "CVE-2024-2808", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2808", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2808", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": 
"CVE-2024-2808", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003043" }, { "db": "NVD", "id": "CVE-2024-2808" }, { "db": "NVD", "id": "CVE-2024-2808" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2024-2808" }, { "db": "JVNDB", "id": "JVNDB-2024-003043" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2808", "trust": 2.6 }, { "db": "VULDB", "id": "257663", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003043", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003043" }, { "db": "NVD", "id": "CVE-2024-2808" } ] }, "id": "VAR-202403-0930", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T22:40:10.961000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003043" }, { "db": "NVD", "id": "CVE-2024-2808" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/formquickindex.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257663" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257663" }, { "trust": 0.8, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2024-2808" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003043" }, { "db": "NVD", "id": "CVE-2024-2808" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003043" }, { "db": "NVD", "id": "CVE-2024-2808" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003043" }, { "date": "2024-03-22T05:15:49.017000", "db": "NVD", "id": "CVE-2024-2808" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T01:30:00", "db": "JVNDB", "id": "JVNDB-2024-003043" }, { "date": "2024-05-17T02:38:31.233000", "db": "NVD", "id": "CVE-2024-2808" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Stack-based buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003043" } ], "trust": 0.8 } }
var-202304-2223
Vulnerability from variot
In Tenda AC15 V15.03.05.19, the function "xkjs_ver32" contains a stack-based buffer overflow vulnerability. An out-of-bounds write vulnerability exists in the firmware of the AC15 from Shenzhen Tenda Technology Co.,Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-2223", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 
15.03.05.19" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008962" }, { "db": "NVD", "id": "CVE-2023-30372" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30372" } ] }, "cve": "CVE-2023-30372", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": 
"3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-30372", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30372", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202304-1892", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008962" }, { "db": "NVD", "id": "CVE-2023-30372" }, { "db": "CNNVD", "id": "CNNVD-202304-1892" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Tenda AC15 V15.03.05.19, The function \"xkjs_ver32\" contains a stack-based buffer overflow vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-30372" }, { "db": "JVNDB", "id": "JVNDB-2023-008962" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30372", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2023-008962", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202304-1892", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008962" }, { "db": "NVD", "id": "CVE-2023-30372" }, { "db": "CNNVD", "id": "CNNVD-202304-1892" } ] }, "id": "VAR-202304-2223", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4924584 }, "last_update_date": "2023-12-18T12:54:21.445000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008962" }, { "db": "NVD", "id": "CVE-2023-30372" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://github.com/2205794866/tenda/blob/main/ac15/10.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30372" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-30372/" } ], 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008962" }, { "db": "NVD", "id": "CVE-2023-30372" }, { "db": "CNNVD", "id": "CNNVD-202304-1892" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-008962" }, { "db": "NVD", "id": "CVE-2023-30372" }, { "db": "CNNVD", "id": "CNNVD-202304-1892" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008962" }, { "date": "2023-04-24T15:15:09.053000", "db": "NVD", "id": "CVE-2023-30372" }, { "date": "2023-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1892" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T06:20:00", "db": "JVNDB", "id": "JVNDB-2023-008962" }, { "date": "2023-04-28T02:54:44.123000", "db": "NVD", "id": "CVE-2023-30372" }, { "date": "2023-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1892" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1892" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008962" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1892" } ], "trust": 0.6 } }
var-202210-1233
Vulnerability from variot
Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. Tenda AC15 is a wireless router made by the Chinese company Tenda. An attacker could exploit the vulnerability to cause a denial of service. The structured record below also lists firmware 15.03.05.19 as affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1233", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": 
"v15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43065" }, { "db": "NVD", "id": "CVE-2022-43259" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-43259" } ] }, "cve": "CVE-2022-43259", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": 
"CNVD-2023-43065", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-43259", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2023-43065", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202210-1194", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43065" }, { "db": "NVD", "id": "CVE-2022-43259" }, { "db": "CNNVD", "id": "CNNVD-202210-1194" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. Tenda AC15 is a wireless router made by China Tenda Company. 
An attacker could exploit the vulnerability to cause a denial of service", "sources": [ { "db": "NVD", "id": "CVE-2022-43259" }, { "db": "CNVD", "id": "CNVD-2023-43065" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-43259", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2023-43065", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202210-1194", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43065" }, { "db": "NVD", "id": "CVE-2022-43259" }, { "db": "CNNVD", "id": "CNNVD-202210-1194" } ] }, "id": "VAR-202210-1233", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-43065" } ], "trust": 1.0924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43065" } ] }, "last_update_date": "2023-12-18T12:34:11.151000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-43259" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://drive.google.com/file/d/1vjyjzkv7mj69hgpg-xd0xubluw-taq4w/view?usp=sharing" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43259" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-43259/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43065" }, { "db": "NVD", "id": "CVE-2022-43259" }, { "db": "CNNVD", "id": "CNNVD-202210-1194" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-43065" }, { "db": "NVD", "id": "CVE-2022-43259" }, { "db": "CNNVD", "id": "CNNVD-202210-1194" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-43065" }, { "date": "2022-10-18T15:15:10.390000", "db": "NVD", "id": "CVE-2022-43259" }, { "date": "2022-10-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-1194" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-01T00:00:00", "db": "CNVD", "id": "CNVD-2023-43065" }, { "date": "2022-10-20T15:44:55.367000", "db": "NVD", "id": "CVE-2022-43259" }, { "date": "2022-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-1194" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-1194" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 buffer overflow 
vulnerability (CNVD-2023-43065)", "sources": [ { "db": "CNVD", "id": "CNVD-2023-43065" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-1194" } ], "trust": 0.6 } }
var-202005-0457
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. A classic buffer overflow vulnerability exists on multiple Tenda devices. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC9 and the other listed models are all wireless routers made by Tenda of China.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0457", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac6", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac18", "scope": "eq", "trust": 1.0, 
"vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.06.42_multi" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac6", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac9", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac6 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac9 v15.03.06.42 multi", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v3.0" }, { "model": "ac15 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac9 v15.03.05.19 cn", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac18 ) cn", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19(6318" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31397" }, { "db": "JVNDB", "id": "JVNDB-2020-005745" }, { "db": "NVD", "id": "CVE-2020-13391" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-13391" } ] }, "cve": "CVE-2020-13391", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005745", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-31397", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": 
"CVE-2020-13391", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005745", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-13391", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-005745", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-31397", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202005-1141", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2020-13391", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31397" }, { "db": "VULMON", "id": "CVE-2020-13391" }, { "db": "JVNDB", "id": "JVNDB-2020-005745" }, { "db": "NVD", "id": "CVE-2020-13391" }, { "db": "CNNVD", "id": "CNNVD-202005-1141" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda", "sources": [ { "db": "NVD", "id": "CVE-2020-13391" }, { "db": "JVNDB", "id": "JVNDB-2020-005745" }, { "db": "CNVD", "id": "CNVD-2020-31397" }, { "db": "VULMON", "id": "CVE-2020-13391" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-13391", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2020-005745", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-31397", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202005-1141", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-13391", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31397" }, { "db": "VULMON", "id": "CVE-2020-13391" }, { "db": "JVNDB", "id": "JVNDB-2020-005745" }, { "db": "NVD", "id": "CVE-2020-13391" }, { "db": "CNNVD", "id": "CNNVD-202005-1141" } ] }, "id": "VAR-202005-0457", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-31397" } ], "trust": 1.3927520825 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31397" } ] }, "last_update_date": "2023-12-18T13:47:31.324000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://tendacn.com/en" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005745" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005745" }, { "db": "NVD", "id": "CVE-2020-13391" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-tenda-vulnerability/" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13391" }, { "trust": 1.7, "url": "https://joel-malwarebenchmark.github.io" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13391" }, { "trust": 0.1, "url": 
"https://cwe.mitre.org/data/definitions/120.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31397" }, { "db": "VULMON", "id": "CVE-2020-13391" }, { "db": "JVNDB", "id": "JVNDB-2020-005745" }, { "db": "NVD", "id": "CVE-2020-13391" }, { "db": "CNNVD", "id": "CNNVD-202005-1141" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-31397" }, { "db": "VULMON", "id": "CVE-2020-13391" }, { "db": "JVNDB", "id": "JVNDB-2020-005745" }, { "db": "NVD", "id": "CVE-2020-13391" }, { "db": "CNNVD", "id": "CNNVD-202005-1141" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": "CNVD", "id": "CNVD-2020-31397" }, { "date": "2020-05-22T00:00:00", "db": "VULMON", "id": "CVE-2020-13391" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005745" }, { "date": "2020-05-22T17:15:11.177000", "db": "NVD", "id": "CVE-2020-13391" }, { "date": "2020-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1141" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": "CNVD", "id": "CNVD-2020-31397" }, { "date": "2020-05-27T00:00:00", "db": "VULMON", "id": "CVE-2020-13391" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005745" }, { "date": "2020-05-27T19:50:31.210000", "db": "NVD", "id": "CVE-2020-13391" }, { "date": "2020-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1141" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": 
"CNNVD", "id": "CNNVD-202005-1141" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Classic buffer overflow vulnerability in device", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005745" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1141" } ], "trust": 0.6 } }
var-201802-1227
Vulnerability from variot
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. Tenda AC15 contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Tenda AC15 is a wireless router product from Tenda.
** Advisory Information
Title: [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router
Blog URL: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
Vendor: Tenda
Date Published: 14/02/2018
CVE: CVE-2018-5767
** Vulnerability Summary
The vulnerability in question is caused by a buffer overflow due to unsanitised user input being passed directly to a call to sscanf.
** Vendor Response
Numerous attempts were made to contact the vendor with no success. Due to the nature of the vulnerability, offsets have been redacted from the post to prevent point-and-click exploitation.
** Report Timeline
Vulnerability discovered and first reported - 14/1/2018
Second attempt to make contact, further informing the vendor of the severity of the vulnerability - 18/1/2018
CVEs assigned by Mitre.org - 19/1/2018
Livechat attempt to contact vendor - 19/1/2018
Another attempt to contact vendor - 23/1/2018
Further attempt to contact vendor, confirming 5 CVEs had been assigned to their product - 31/1/2018
Final contact attempted & warning of public disclosure - 8/2/2018
Public disclosure - 14/2/2018
** Credit
This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus Information Security research team.
** References
https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
** Disclaimer
This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201802-1227", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.6, "vendor": "tendacn", "version": "15.03.1.16" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.1.16" }, { "model": "ac15 router", "scope": "eq", "trust": 0.6, "vendor": "tenda", 
"version": "v15.03.1.16" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-07423" }, { "db": "JVNDB", "id": "JVNDB-2018-002267" }, { "db": "NVD", "id": "CVE-2018-5767" }, { "db": "CNNVD", "id": "CNNVD-201802-893" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:15.03.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-5767" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tim Carrington", "sources": [ { "db": "PACKETSTORM", "id": "146424" } ], "trust": 0.1 }, "cve": "CVE-2018-5767", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", 
"accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-5767", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-07423", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-135799", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, 
"impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-5767", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-5767", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2018-07423", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201802-893", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-135799", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-5767", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-07423" }, { "db": "VULHUB", "id": "VHN-135799" }, { "db": "VULMON", "id": "CVE-2018-5767" }, { "db": "JVNDB", "id": "JVNDB-2018-002267" }, { "db": "NVD", "id": "CVE-2018-5767" }, { "db": "CNNVD", "id": "CNNVD-201802-893" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. Tenda AC15 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 
TendaAC15 is a wireless router product from Tenda. ** Advisory Information\n\nTitle: [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router\nBlog URL: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/\nVendor: Tenda\nDate Published: 14/02/2018\nCVE: CVE-2018-5767\n\n\n** Vulnerability Summary\n\nThe vulnerability in question is caused by a buffer overflow due to unsanitised user input being passed directly to a call to sscanf. \n\n** Vendor Response\n\nNumerous attempts were made to contact the vendor with no success. Due to the nature of the vulnerability, offset\u0027s have been redacted from the post to prevent point and click exploitation. \n\n\n** Report Timeline\n\nVulnerability discovered and first reported - 14/1/2018\n\nSecond attempt to make contact, further informing the vendor of the severity of the vulnerability - 18/1/2018\n\nCVE\u0027s assigned by Mitre.org - 19/1/2018\n\nLivechat attempt to contact vendor - 19/1/2018\n\nAnother attempt to contact vendor 23/1/2018\n\nFurther attempt to contact vendor, confirming 5 CVE\u0027s had been assigned to their product - 31/1/2018\n\nFinal contact attempted \u0026 warning of public disclosure - 8/2/2018\n\nPublic disclosure - 14/2/2018\n\n** Credit\n\nThis vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus\nInformation Security research team. 
\n\n\n** References\n\nhttps://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/\n\n\n** Disclaimer\n\nThis advisory is licensed under a Creative Commons Attribution Non-Commercial\nShare-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/\n\n\n[https://api.salesflare.com/img/90542021a59e43879370651ba637dd97]\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2018-5767" }, { "db": "JVNDB", "id": "JVNDB-2018-002267" }, { "db": "CNVD", "id": "CNVD-2018-07423" }, { "db": "VULHUB", "id": "VHN-135799" }, { "db": "VULMON", "id": "CVE-2018-5767" }, { "db": "PACKETSTORM", "id": "146424" } ], "trust": 2.43 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-135799", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=44253", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-135799" }, { "db": "VULMON", "id": "CVE-2018-5767" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-5767", "trust": 3.3 }, { "db": "EXPLOIT-DB", "id": "44253", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2018-002267", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201802-893", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2018-07423", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "146424", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-97161", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-135799", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-5767", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-07423" }, 
{ "db": "VULHUB", "id": "VHN-135799" }, { "db": "VULMON", "id": "CVE-2018-5767" }, { "db": "JVNDB", "id": "JVNDB-2018-002267" }, { "db": "PACKETSTORM", "id": "146424" }, { "db": "NVD", "id": "CVE-2018-5767" }, { "db": "CNNVD", "id": "CNNVD-201802-893" } ] }, "id": "VAR-201802-1227", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-07423" }, { "db": "VULHUB", "id": "VHN-135799" } ], "trust": 1.4462291999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-07423" } ] }, "last_update_date": "2023-12-18T13:24:10.282000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "AC15", "trust": 0.8, "url": "http://tendacn.com/en/product/ac15.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002267" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-135799" }, { "db": "JVNDB", "id": "JVNDB-2018-002267" }, { "db": "NVD", "id": "CVE-2018-5767" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/" }, { "trust": 1.9, "url": "https://www.exploit-db.com/exploits/44253/" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5767" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5767" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/" }, { "trust": 0.1, "url": "https://api.salesflare.com/img/90542021a59e43879370651ba637dd97]" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-07423" }, { "db": "VULHUB", "id": "VHN-135799" }, { "db": "VULMON", "id": "CVE-2018-5767" }, { "db": "JVNDB", "id": "JVNDB-2018-002267" }, { "db": "PACKETSTORM", "id": "146424" }, { "db": "NVD", "id": "CVE-2018-5767" }, { "db": "CNNVD", "id": "CNNVD-201802-893" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2018-07423" }, { "db": "VULHUB", "id": "VHN-135799" }, { "db": "VULMON", "id": "CVE-2018-5767" }, { "db": "JVNDB", "id": "JVNDB-2018-002267" }, { "db": "PACKETSTORM", "id": "146424" }, { "db": "NVD", "id": "CVE-2018-5767" }, { "db": "CNNVD", "id": "CNNVD-201802-893" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2018-07423" }, { "date": "2018-02-15T00:00:00", "db": "VULHUB", "id": "VHN-135799" }, { "date": "2018-02-15T00:00:00", "db": "VULMON", "id": "CVE-2018-5767" }, { "date": "2018-04-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002267" }, { "date": "2018-02-16T18:32:22", "db": "PACKETSTORM", "id": "146424" }, { "date": "2018-02-15T23:29:00.513000", "db": "NVD", 
"id": "CVE-2018-5767" }, { "date": "2018-02-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201802-893" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2018-07423" }, { "date": "2018-03-15T00:00:00", "db": "VULHUB", "id": "VHN-135799" }, { "date": "2018-03-15T00:00:00", "db": "VULMON", "id": "CVE-2018-5767" }, { "date": "2018-04-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002267" }, { "date": "2018-03-15T13:25:13.937000", "db": "NVD", "id": "CVE-2018-5767" }, { "date": "2018-04-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201802-893" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201802-893" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002267" }, { "db": "CNNVD", "id": "CNNVD-201802-893" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201802-893" } ], "trust": 0.6 } }
var-202304-1925
Vulnerability from variot
In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability. The AC15 firmware from Shenzhen Tenda Technology Co., Ltd. contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-1925", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 
15.03.05.19" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008960" }, { "db": "NVD", "id": "CVE-2023-30375" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30375" } ] }, "cve": "CVE-2023-30375", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": 
"3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-30375", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30375", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202304-1888", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008960" }, { "db": "NVD", "id": "CVE-2023-30375" }, { "db": "CNNVD", "id": "CNNVD-202304-1888" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Tenda AC15 V15.03.05.19, the function \"getIfIp\" contains a stack-based buffer overflow vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-30375" }, { "db": "JVNDB", "id": "JVNDB-2023-008960" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30375", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2023-008960", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202304-1888", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008960" }, { "db": "NVD", "id": "CVE-2023-30375" }, { "db": "CNNVD", "id": "CNNVD-202304-1888" } ] }, "id": "VAR-202304-1925", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4924584 }, "last_update_date": "2023-12-18T13:54:49.426000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008960" }, { "db": "NVD", "id": "CVE-2023-30375" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://github.com/2205794866/tenda/blob/main/ac15/1.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30375" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-30375/" } ], 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008960" }, { "db": "NVD", "id": "CVE-2023-30375" }, { "db": "CNNVD", "id": "CNNVD-202304-1888" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-008960" }, { "db": "NVD", "id": "CVE-2023-30375" }, { "db": "CNNVD", "id": "CNNVD-202304-1888" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008960" }, { "date": "2023-04-24T15:15:09.137000", "db": "NVD", "id": "CVE-2023-30375" }, { "date": "2023-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1888" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T06:15:00", "db": "JVNDB", "id": "JVNDB-2023-008960" }, { "date": "2023-04-28T02:54:52.047000", "db": "NVD", "id": "CVE-2023-30375" }, { "date": "2023-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1888" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1888" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008960" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1888" } ], "trust": 0.6 } }
var-201810-0274
Vulnerability from variot
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request. Multiple Tenda products contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Tenda AC9, AC15 and AC18 are all wireless router products from Tenda. Security flaws exist in Tenda AC9, AC15, and AC18. The following products and versions are affected: Tenda AC9 V15.03.05.19(6318)_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19(6318)_CN.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0274", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.05.19_cn" }, { "model": "ac9", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.6, "vendor": 
"tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac9 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01887" }, { "db": "JVNDB", "id": "JVNDB-2018-011975" }, { "db": "NVD", "id": "CVE-2018-18728" }, { "db": "CNNVD", "id": "CNNVD-201810-1355" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, 
{ "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18728" } ] }, "cve": "CVE-2018-18728", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-18728", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" 
}, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-01887", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-129316", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-18728", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18728", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2019-01887", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1355", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-129316", "trust": 
0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01887" }, { "db": "VULHUB", "id": "VHN-129316" }, { "db": "JVNDB", "id": "JVNDB-2018-011975" }, { "db": "NVD", "id": "CVE-2018-18728" }, { "db": "CNNVD", "id": "CNNVD-201810-1355" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request. plural Tenda The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC9, AC15 and AC18 are all wireless router products from Tenda. Security flaws exist in Tenda AC9, AC15, and AC18. 
The following products and versions are affected: Tenda AC9 V15.03.05.19(6318)_CN version; AC15 V15.03.05.19_CN version; AC18 V15.03.05.19(6318)_CN version", "sources": [ { "db": "NVD", "id": "CVE-2018-18728" }, { "db": "JVNDB", "id": "JVNDB-2018-011975" }, { "db": "CNVD", "id": "CNVD-2019-01887" }, { "db": "VULHUB", "id": "VHN-129316" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18728", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2018-011975", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1355", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-01887", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-129316", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01887" }, { "db": "VULHUB", "id": "VHN-129316" }, { "db": "JVNDB", "id": "JVNDB-2018-011975" }, { "db": "NVD", "id": "CVE-2018-18728" }, { "db": "CNNVD", "id": "CNNVD-201810-1355" } ] }, "id": "VAR-201810-0274", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-01887" }, { "db": "VULHUB", "id": "VHN-129316" } ], "trust": 1.4236694433333335 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01887" } ] }, "last_update_date": "2023-12-18T12:56:48.326000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" 
}, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011975" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.1 }, { "problemtype": "CWE-77", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-129316" }, { "db": "JVNDB", "id": "JVNDB-2018-011975" }, { "db": "NVD", "id": "CVE-2018-18728" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/zillr0/routers/blob/master/tenda/rce1.md" }, { "trust": 1.4, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18728" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18728" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01887" }, { "db": "VULHUB", "id": "VHN-129316" }, { "db": "JVNDB", "id": "JVNDB-2018-011975" }, { "db": "NVD", "id": "CVE-2018-18728" }, { "db": "CNNVD", "id": "CNNVD-201810-1355" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-01887" }, { "db": "VULHUB", "id": "VHN-129316" }, { "db": "JVNDB", "id": "JVNDB-2018-011975" }, { "db": "NVD", "id": "CVE-2018-18728" }, { "db": "CNNVD", "id": "CNNVD-201810-1355" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01887" }, 
{ "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-129316" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011975" }, { "date": "2018-10-29T12:29:07.507000", "db": "NVD", "id": "CVE-2018-18728" }, { "date": "2018-10-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1355" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01887" }, { "date": "2019-10-03T00:00:00", "db": "VULHUB", "id": "VHN-129316" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011975" }, { "date": "2019-10-03T00:03:26.223000", "db": "NVD", "id": "CVE-2018-18728" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1355" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1355" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Command injection vulnerability in the product", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011975" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "operating system commend injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1355" } ], "trust": 0.6 } }
var-201810-0276
Vulnerability from variot
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server, httpd. While processing the 'startIp' and 'endIp' parameters of a POST request, each value is passed directly to sprintf, which writes it into a local variable on the stack without a length check, so an overlong value overwrites the function's return address. Multiple Tenda products contain this buffer error vulnerability, which may result in a denial-of-service (DoS) condition. Tenda AC7 and the other listed models are wireless router products from Tenda; httpd is their HTTP server component. An attacker can exploit the buffer overflow in httpd to cause a denial of service by overwriting the function's return address. The record below classifies the weakness as CWE-119 and gives a CVSS 3.0 base score of 7.5 (AV:N, PR:N), meaning it is reachable over the network without credentials. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19(6318)_CN.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0276", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac10", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.06.23_cn" }, { "model": "ac15", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.05.19_cn" }, { "model": "ac7", "scope": "eq", "trust": 2.4, "vendor": "tenda", 
"version": "15.03.06.44_cn" }, { "model": "ac9", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac7 v15.03.06.44 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac9 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac10 v15.03.06.23 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01885" }, { "db": "JVNDB", "id": "JVNDB-2018-011970" }, { "db": "NVD", "id": "CVE-2018-18730" }, { "db": "CNNVD", "id": "CNNVD-201810-1357" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], 
"operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18730" } ] }, "cve": "CVE-2018-18730", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18730", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-01885", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-129319", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": 
"NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18730", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18730", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-01885", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1357", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-129319", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01885" }, { "db": "VULHUB", "id": "VHN-129319" }, { "db": "JVNDB", "id": "JVNDB-2018-011970" }, { "db": "NVD", "id": "CVE-2018-18730" }, { "db": "CNNVD", "id": "CNNVD-201810-1357" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. 
While processing the \u0027startIp\u0027 and \u0027endIp\u0027 parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products that an attacker can exploit to cause a denial of service (the return address of the override function). The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version", "sources": [ { "db": "NVD", "id": "CVE-2018-18730" }, { "db": "JVNDB", "id": "JVNDB-2018-011970" }, { "db": "CNVD", "id": "CNVD-2019-01885" }, { "db": "VULHUB", "id": "VHN-129319" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18730", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2018-011970", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1357", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-01885", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-129319", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01885" }, { "db": "VULHUB", "id": "VHN-129319" }, { "db": "JVNDB", "id": "JVNDB-2018-011970" }, { "db": "NVD", "id": "CVE-2018-18730" }, { "db": "CNNVD", "id": "CNNVD-201810-1357" } ] }, "id": "VAR-201810-0276", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-01885" }, { "db": "VULHUB", "id": "VHN-129319" } ], "trust": 1.4927520825 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01885" } ] }, "last_update_date": "2023-12-18T14:05:18.908000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011970" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-129319" }, { "db": "JVNDB", "id": "JVNDB-2018-011970" }, { "db": "NVD", "id": "CVE-2018-18730" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/zillr0/routers/blob/master/tenda/stack3.md" }, { "trust": 1.4, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18730" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18730" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01885" }, { "db": "VULHUB", "id": "VHN-129319" }, { "db": "JVNDB", "id": 
"JVNDB-2018-011970" }, { "db": "NVD", "id": "CVE-2018-18730" }, { "db": "CNNVD", "id": "CNNVD-201810-1357" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-01885" }, { "db": "VULHUB", "id": "VHN-129319" }, { "db": "JVNDB", "id": "JVNDB-2018-011970" }, { "db": "NVD", "id": "CVE-2018-18730" }, { "db": "CNNVD", "id": "CNNVD-201810-1357" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01885" }, { "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-129319" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011970" }, { "date": "2018-10-29T12:29:07.727000", "db": "NVD", "id": "CVE-2018-18730" }, { "date": "2018-10-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1357" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01885" }, { "date": "2018-12-14T00:00:00", "db": "VULHUB", "id": "VHN-129319" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011970" }, { "date": "2018-12-14T15:37:52.763000", "db": "NVD", "id": "CVE-2018-18730" }, { "date": "2018-10-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1357" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1357" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"plural Tenda Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011970" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1357" } ], "trust": 0.6 } }
var-201803-2168
Vulnerability from variot
An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, which starts a telnetd service on the device. This service is password protected; however, several default accounts on the device are root accounts and can be used to log in. Tenda AC15 contains vulnerabilities related to authorization, permissions, and access control; as a result, information may be obtained or altered, and service operation may be disrupted (DoS). The record below classifies the weakness as CWE-1188 and CWE-264; NVD scores it CVSS 3.0 9.8 (critical), while CNVD rates it medium. Tenda AC15 is a wireless router product from Tenda.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2168", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.6, "vendor": "tendacn", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "tenda technology co.,ltd. 
ac15", "scope": null, "trust": 0.6, "vendor": "", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-05960" }, { "db": "JVNDB", "id": "JVNDB-2018-003318" }, { "db": "NVD", "id": "CVE-2018-5770" }, { "db": "CNNVD", "id": "CNNVD-201803-714" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-5770" } ] }, "cve": "CVE-2018-5770", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", 
"obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2018-5770", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2018-05960", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-135802", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { 
"attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-5770", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-5770", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2018-05960", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201803-714", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-135802", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-5770", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-05960" }, { "db": "VULHUB", "id": "VHN-135802" }, { "db": "VULMON", "id": "CVE-2018-5770" }, { "db": "JVNDB", "id": "JVNDB-2018-003318" }, { "db": "NVD", "id": "CVE-2018-5770" }, { "db": "CNNVD", "id": "CNNVD-201803-714" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. Tenda AC15 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 
TendaAC15 is a wireless router product from Tenda", "sources": [ { "db": "NVD", "id": "CVE-2018-5770" }, { "db": "JVNDB", "id": "JVNDB-2018-003318" }, { "db": "CNVD", "id": "CNVD-2018-05960" }, { "db": "VULHUB", "id": "VHN-135802" }, { "db": "VULMON", "id": "CVE-2018-5770" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-5770", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2018-003318", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2018-05960", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201803-714", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-135802", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-5770", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-05960" }, { "db": "VULHUB", "id": "VHN-135802" }, { "db": "VULMON", "id": "CVE-2018-5770" }, { "db": "JVNDB", "id": "JVNDB-2018-003318" }, { "db": "NVD", "id": "CVE-2018-5770" }, { "db": "CNNVD", "id": "CNNVD-201803-714" } ] }, "id": "VAR-201803-2168", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-05960" }, { "db": "VULHUB", "id": "VHN-135802" } ], "trust": 1.1924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-05960" } ] }, "last_update_date": "2023-12-18T12:18:58.627000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { 
"@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.tendacn.com/en/default.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003318" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1188", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-135802" }, { "db": "JVNDB", "id": "JVNDB-2018-003318" }, { "db": "NVD", "id": "CVE-2018-5770" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "https://www.fidusinfosec.com/tenda-ac15-unauthenticated-telnetd-start-cve-2018-5770/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5770" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5770" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/1188.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-05960" }, { "db": "VULHUB", "id": "VHN-135802" }, { "db": "VULMON", "id": "CVE-2018-5770" }, { "db": "JVNDB", "id": "JVNDB-2018-003318" }, { "db": "NVD", "id": "CVE-2018-5770" }, { "db": "CNNVD", "id": "CNNVD-201803-714" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2018-05960" }, { "db": "VULHUB", "id": "VHN-135802" }, { "db": "VULMON", "id": "CVE-2018-5770" }, { "db": "JVNDB", "id": "JVNDB-2018-003318" }, { "db": "NVD", "id": "CVE-2018-5770" }, { 
"db": "CNNVD", "id": "CNNVD-201803-714" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-22T00:00:00", "db": "CNVD", "id": "CNVD-2018-05960" }, { "date": "2018-03-20T00:00:00", "db": "VULHUB", "id": "VHN-135802" }, { "date": "2018-03-20T00:00:00", "db": "VULMON", "id": "CVE-2018-5770" }, { "date": "2018-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003318" }, { "date": "2018-03-20T15:29:00.657000", "db": "NVD", "id": "CVE-2018-5770" }, { "date": "2018-03-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-714" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-22T00:00:00", "db": "CNVD", "id": "CNVD-2018-05960" }, { "date": "2019-10-03T00:00:00", "db": "VULHUB", "id": "VHN-135802" }, { "date": "2019-10-03T00:00:00", "db": "VULMON", "id": "CVE-2018-5770" }, { "date": "2018-05-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003318" }, { "date": "2019-10-03T00:03:26.223000", "db": "NVD", "id": "CVE-2018-5770" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-714" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-714" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 Vulnerabilities related to authorization, permissions, and access control", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003318" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-714" } ], "trust": 0.6 } }
var-202403-0816
Vulnerability from variot
A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A stack-based buffer overflow vulnerability exists in the firmware of the AC15 from Shenzhen Tenda Technology Co.,Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Note for asset matching and triage: the structured record below gives the affected firmware as 15.03.05.20_multi, carries no patch entry, and holds two CVSS v3.1 scores that differ on privileges required (PR:L, 8.8 from cna@vuldb.com; PR:N, 9.8 from NVD), so the endpoint should not be assumed to be protected by authentication.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0816", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 
firmware 15.03.05.20 multi" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003040" }, { "db": "NVD", "id": "CVE-2024-2811" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2811" } ] }, "cve": "CVE-2024-2811", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2811", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2811", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2811", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003040" }, { "db": "NVD", "id": "CVE-2024-2811" }, { "db": "NVD", "id": "CVE-2024-2811" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2024-2811" }, { "db": "JVNDB", "id": "JVNDB-2024-003040" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2811", "trust": 2.6 }, { "db": "VULDB", "id": "257666", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003040", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003040" }, { "db": "NVD", "id": "CVE-2024-2811" } ] }, "id": "VAR-202403-0816", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T23:04:19.022000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003040" }, { "db": "NVD", "id": "CVE-2024-2811" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/formwifiwpsstart.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257666" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257666" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2811" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003040" }, { "db": "NVD", "id": "CVE-2024-2811" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003040" }, { "db": "NVD", "id": "CVE-2024-2811" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003040" }, { "date": "2024-03-22T06:15:11.803000", "db": "NVD", "id": "CVE-2024-2811" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T01:20:00", "db": "JVNDB", "id": "JVNDB-2024-003040" }, { "date": "2024-05-17T02:38:31.553000", "db": "NVD", "id": "CVE-2024-2811" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of 
\u00a0AC15\u00a0 Stack-based buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003040" } ], "trust": 0.8 } }
var-202005-0458
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Multiple Tenda devices contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC9 and the other listed models are wireless routers from the Chinese vendor Tenda. Note that the patch entry in the structured record below links only to the vendor's top page, not to a specific fixed firmware release.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0458", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac6", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac18", "scope": "eq", "trust": 1.0, 
"vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.06.42_multi" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac6", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac9", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac6 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac9 v15.03.06.42 multi", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v3.0" }, { "model": "ac15 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac9 v15.03.05.19 cn", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac18 ) cn", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19(6318" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31407" }, { "db": "JVNDB", "id": "JVNDB-2020-005746" }, { "db": "NVD", "id": "CVE-2020-13392" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-13392" } ] }, "cve": "CVE-2020-13392", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005746", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-31407", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": 
"CVE-2020-13392", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005746", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-13392", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-005746", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-31407", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202005-1142", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2020-13392", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31407" }, { "db": "VULMON", "id": "CVE-2020-13392" }, { "db": "JVNDB", "id": "JVNDB-2020-005746" }, { "db": "NVD", "id": "CVE-2020-13392" }, { "db": "CNNVD", "id": "CNNVD-202005-1142" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda", "sources": [ { "db": "NVD", "id": "CVE-2020-13392" }, { "db": "JVNDB", "id": "JVNDB-2020-005746" }, { "db": "CNVD", "id": "CNVD-2020-31407" }, { "db": "VULMON", "id": "CVE-2020-13392" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-13392", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2020-005746", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-31407", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202005-1142", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-13392", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31407" }, { "db": "VULMON", "id": "CVE-2020-13392" }, { "db": "JVNDB", "id": "JVNDB-2020-005746" }, { "db": "NVD", "id": "CVE-2020-13392" }, { "db": "CNNVD", "id": "CNNVD-202005-1142" } ] }, "id": "VAR-202005-0458", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-31407" } ], "trust": 1.3927520825 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31407" } ] }, "last_update_date": "2023-12-18T12:35:31.585000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://tendacn.com/en" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005746" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005746" }, { "db": "NVD", "id": "CVE-2020-13392" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-tenda-vulnerability/" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13392" }, { "trust": 1.7, "url": "https://joel-malwarebenchmark.github.io" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13392" }, { "trust": 0.1, "url": 
"https://cwe.mitre.org/data/definitions/120.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31407" }, { "db": "VULMON", "id": "CVE-2020-13392" }, { "db": "JVNDB", "id": "JVNDB-2020-005746" }, { "db": "NVD", "id": "CVE-2020-13392" }, { "db": "CNNVD", "id": "CNNVD-202005-1142" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-31407" }, { "db": "VULMON", "id": "CVE-2020-13392" }, { "db": "JVNDB", "id": "JVNDB-2020-005746" }, { "db": "NVD", "id": "CVE-2020-13392" }, { "db": "CNNVD", "id": "CNNVD-202005-1142" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": "CNVD", "id": "CNVD-2020-31407" }, { "date": "2020-05-22T00:00:00", "db": "VULMON", "id": "CVE-2020-13392" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005746" }, { "date": "2020-05-22T17:15:11.237000", "db": "NVD", "id": "CVE-2020-13392" }, { "date": "2020-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1142" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": "CNVD", "id": "CNVD-2020-31407" }, { "date": "2020-05-27T00:00:00", "db": "VULMON", "id": "CVE-2020-13392" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005746" }, { "date": "2020-05-27T19:49:11.520000", "db": "NVD", "id": "CVE-2020-13392" }, { "date": "2020-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1142" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": 
"CNNVD", "id": "CNNVD-202005-1142" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Classic buffer overflow vulnerability in device", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005746" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1142" } ], "trust": 0.6 } }
var-201810-0244
Vulnerability from variot
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a POST request, the value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of the function. Multiple Tenda products contain a buffer error vulnerability. Service operation may be interrupted (DoS). The AC series is a router product line from Tenda. httpd is one of its HTTP server components. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19(6318)_CN.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0244", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac10", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.06.23_cn" }, { "model": "ac15", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.05.19_cn" }, { "model": "ac7", "scope": "eq", "trust": 2.4, "vendor": "tenda", 
"version": "15.03.06.44_cn" }, { "model": "ac9", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac7 v15.03.06.44 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac9 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac10 v15.03.06.23 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09141" }, { "db": "JVNDB", "id": "JVNDB-2018-011966" }, { "db": "NVD", "id": "CVE-2018-18707" }, { "db": "CNNVD", "id": "CNNVD-201810-1338" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], 
"operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18707" } ] }, "cve": "CVE-2018-18707", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18707", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-09141", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-129293", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": 
"NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18707", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18707", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-09141", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1338", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-129293", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09141" }, { "db": "VULHUB", "id": "VHN-129293" }, { "db": "JVNDB", "id": "JVNDB-2018-011966" }, { "db": "NVD", "id": "CVE-2018-18707" }, { "db": "CNNVD", "id": "CNNVD-201810-1338" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. 
When processing the \"ssid\" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The AC series is a router product from Tenda. httpd is one of the HTTP server components. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version", "sources": [ { "db": "NVD", "id": "CVE-2018-18707" }, { "db": "JVNDB", "id": "JVNDB-2018-011966" }, { "db": "CNVD", "id": "CNVD-2019-09141" }, { "db": "VULHUB", "id": "VHN-129293" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18707", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2018-011966", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1338", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-09141", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-129293", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09141" }, { "db": "VULHUB", "id": "VHN-129293" }, { "db": "JVNDB", "id": "JVNDB-2018-011966" }, { "db": "NVD", "id": "CVE-2018-18707" }, { "db": "CNNVD", "id": "CNNVD-201810-1338" } ] }, "id": "VAR-201810-0244", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-09141" }, { "db": "VULHUB", "id": "VHN-129293" } ], "trust": 1.4927520825 }, "iot_taxonomy": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09141" } ] }, "last_update_date": "2023-12-18T12:36:32.535000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011966" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-129293" }, { "db": "JVNDB", "id": "JVNDB-2018-011966" }, { "db": "NVD", "id": "CVE-2018-18707" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-07/tenda.md" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18707" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18707" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09141" }, { "db": "VULHUB", "id": "VHN-129293" }, { "db": "JVNDB", "id": "JVNDB-2018-011966" }, { "db": "NVD", "id": "CVE-2018-18707" }, { "db": "CNNVD", "id": "CNNVD-201810-1338" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": 
"@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-09141" }, { "db": "VULHUB", "id": "VHN-129293" }, { "db": "JVNDB", "id": "JVNDB-2018-011966" }, { "db": "NVD", "id": "CVE-2018-18707" }, { "db": "CNNVD", "id": "CNNVD-201810-1338" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-04T00:00:00", "db": "CNVD", "id": "CNVD-2019-09141" }, { "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-129293" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011966" }, { "date": "2018-10-29T12:29:05.507000", "db": "NVD", "id": "CVE-2018-18707" }, { "date": "2018-10-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1338" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-04T00:00:00", "db": "CNVD", "id": "CNVD-2019-09141" }, { "date": "2018-12-14T00:00:00", "db": "VULHUB", "id": "VHN-129293" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011966" }, { "date": "2018-12-14T16:26:52.530000", "db": "NVD", "id": "CVE-2018-18707" }, { "date": "2018-10-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1338" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1338" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011966" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1338" } ], "trust": 0.6 } }
var-202304-1954
Vulnerability from variot
In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability. An out-of-bounds write vulnerability exists in the AC15 firmware from Shenzhen Tenda Technology Co., Ltd. As a result, information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-1954", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 
15.03.05.19" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008961" }, { "db": "NVD", "id": "CVE-2023-30373" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30373" } ] }, "cve": "CVE-2023-30373", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": 
"3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-30373", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30373", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202304-1891", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008961" }, { "db": "NVD", "id": "CVE-2023-30373" }, { "db": "CNNVD", "id": "CNNVD-202304-1891" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Tenda AC15 V15.03.05.19, the function \"xian_pppoe_user\" contains a stack-based buffer overflow vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-30373" }, { "db": "JVNDB", "id": "JVNDB-2023-008961" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30373", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2023-008961", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202304-1891", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008961" }, { "db": "NVD", "id": "CVE-2023-30373" }, { "db": "CNNVD", "id": "CNNVD-202304-1891" } ] }, "id": "VAR-202304-1954", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4924584 }, "last_update_date": "2023-12-18T13:11:26.485000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008961" }, { "db": "NVD", "id": "CVE-2023-30373" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://github.com/2205794866/tenda/blob/main/ac15/8.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30373" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-30373/" } ], 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008961" }, { "db": "NVD", "id": "CVE-2023-30373" }, { "db": "CNNVD", "id": "CNNVD-202304-1891" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-008961" }, { "db": "NVD", "id": "CVE-2023-30373" }, { "db": "CNNVD", "id": "CNNVD-202304-1891" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008961" }, { "date": "2023-04-24T15:15:09.097000", "db": "NVD", "id": "CVE-2023-30373" }, { "date": "2023-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1891" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T06:18:00", "db": "JVNDB", "id": "JVNDB-2023-008961" }, { "date": "2023-04-28T02:54:48.030000", "db": "NVD", "id": "CVE-2023-30373" }, { "date": "2023-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1891" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1891" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008961" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1891" } ], "trust": 0.6 } }
var-202005-0456
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server, httpd. While processing the entrys and mitInterface parameters of a POST request to /goform/addressNat, a value is used directly in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Multiple Tenda devices contain this classic buffer overflow vulnerability. As a result, information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC9 and the other listed models are wireless routers from Tenda (China).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0456", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac6", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac18", "scope": "eq", "trust": 1.0, 
"vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.06.42_multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "v1.0 15.03.05.19_multi_td01" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318_)_cn" }, { "model": "ac6", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "v1.0 15.03.05.19_multi_td01" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "v1.0 15.03.05.19(6318)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "v3.0 15.03.06.42_multi" }, { "model": "ac6 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac9 v15.03.06.42 multi", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v3.0" }, { "model": "ac15 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac9 v15.03.05.19 cn", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac18 ) cn", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19(6318" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31387" }, { "db": "JVNDB", "id": "JVNDB-2020-005758" }, { "db": "NVD", "id": "CVE-2020-13390" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": 
[], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-13390" } ] }, "cve": "CVE-2020-13390", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005758", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-31387", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005758", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-13390", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-005758", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-31387", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202005-1140", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31387" }, { "db": "JVNDB", "id": "JVNDB-2020-005758" }, { "db": "NVD", "id": "CVE-2020-13390" }, { "db": "CNNVD", "id": "CNNVD-202005-1140" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. 
While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda", "sources": [ { "db": "NVD", "id": "CVE-2020-13390" }, { "db": "JVNDB", "id": "JVNDB-2020-005758" }, { "db": "CNVD", "id": "CNVD-2020-31387" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-13390", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2020-005758", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-31387", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202005-1140", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31387" }, { "db": "JVNDB", "id": "JVNDB-2020-005758" }, { "db": "NVD", "id": "CVE-2020-13390" }, { "db": "CNNVD", "id": "CNNVD-202005-1140" } ] }, "id": "VAR-202005-0456", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-31387" } ], "trust": 1.3927520825 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, 
"trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31387" } ] }, "last_update_date": "2023-12-18T11:58:23.120000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005758" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005758" }, { "db": "NVD", "id": "CVE-2020-13390" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-tenda-vulnerability/" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13390" }, { "trust": 1.6, "url": "https://joel-malwarebenchmark.github.io" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13390" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31387" }, { "db": "JVNDB", "id": "JVNDB-2020-005758" }, { "db": "NVD", "id": "CVE-2020-13390" }, { "db": "CNNVD", "id": "CNNVD-202005-1140" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-31387" }, { "db": "JVNDB", "id": "JVNDB-2020-005758" }, { "db": "NVD", "id": "CVE-2020-13390" }, { "db": "CNNVD", "id": "CNNVD-202005-1140" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": "CNVD", "id": "CNVD-2020-31387" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005758" }, { "date": "2020-05-22T17:15:11.097000", "db": "NVD", "id": "CVE-2020-13390" }, { "date": "2020-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1140" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": "CNVD", "id": "CNVD-2020-31387" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005758" }, { "date": "2020-05-27T19:52:00.243000", "db": "NVD", "id": "CVE-2020-13390" }, { "date": "2020-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1140" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1140" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Classic buffer overflow vulnerability in device", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005758" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1140" } ], "trust": 0.6 } }
var-202304-1974
Vulnerability from variot
In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability. An out-of-bounds write vulnerability exists in the AC15 firmware from Shenzhen Tenda Technology Co., Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS). An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service. Note that the NVD CVSS 3.1 vector recorded for this entry (CVE-2023-30378) lists PR:N, i.e. no privileges required, which conflicts with "authenticated"; for triage, assume the flaw may be reachable without authentication.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-1974", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 
15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43040" }, { "db": "JVNDB", "id": "JVNDB-2023-008958" }, { "db": "NVD", "id": "CVE-2023-30378" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30378" } ] }, "cve": "CVE-2023-30378", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2023-43040", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], 
"cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-30378", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30378", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2023-43040", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202304-1884", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43040" }, { "db": "JVNDB", "id": "JVNDB-2023-008958" }, { "db": "NVD", "id": "CVE-2023-30378" }, { "db": "CNNVD", "id": "CNNVD-202304-1884" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Tenda AC15 V15.03.05.19, the function \"sub_8EE8\" contains a stack-based buffer overflow vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 
An authenticated remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service", "sources": [ { "db": "NVD", "id": "CVE-2023-30378" }, { "db": "JVNDB", "id": "JVNDB-2023-008958" }, { "db": "CNVD", "id": "CNVD-2023-43040" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30378", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2023-008958", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-43040", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202304-1884", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43040" }, { "db": "JVNDB", "id": "JVNDB-2023-008958" }, { "db": "NVD", "id": "CVE-2023-30378" }, { "db": "CNNVD", "id": "CNNVD-202304-1884" } ] }, "id": "VAR-202304-1974", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-43040" } ], "trust": 1.0924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43040" } ] }, "last_update_date": "2023-12-18T14:03:21.564000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": 
"Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008958" }, { "db": "NVD", "id": "CVE-2023-30378" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://github.com/2205794866/tenda/blob/main/ac15/5.md" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30378" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-30378/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43040" }, { "db": "JVNDB", "id": "JVNDB-2023-008958" }, { "db": "NVD", "id": "CVE-2023-30378" }, { "db": "CNNVD", "id": "CNNVD-202304-1884" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-43040" }, { "db": "JVNDB", "id": "JVNDB-2023-008958" }, { "db": "NVD", "id": "CVE-2023-30378" }, { "db": "CNNVD", "id": "CNNVD-202304-1884" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-43040" }, { "date": "2023-12-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008958" }, { "date": "2023-04-24T15:15:09.223000", "db": "NVD", "id": "CVE-2023-30378" }, { "date": "2023-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1884" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-01T00:00:00", "db": "CNVD", "id": "CNVD-2023-43040" }, { "date": "2023-12-04T06:11:00", "db": "JVNDB", "id": "JVNDB-2023-008958" }, { "date": "2023-04-28T02:55:03.790000", "db": "NVD", "id": "CVE-2023-30378" }, { "date": 
"2023-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1884" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1884" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008958" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1884" } ], "trust": 0.6 } }
var-202201-1106
Vulnerability from variot
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi, AC5V1.0 Firmware V15.03.06.48_multi and so on. An attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. An improper comparison vulnerability exists in the AC15V1.0 and AC5V1.0 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda AC15 is a wireless router from the Chinese company Tenda. The only patch reference in this record is the vendor's home page (https://tenda.com/); no fixed firmware version is named, so keep the router's management interface off untrusted networks until a vendor fix is confirmed.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-1106", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi" }, { "model": "ac5", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.06.48_multi" }, { "model": "ac5", "scope": null, "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15v1.0 15.03.05.20 multi", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15v1.0 15.03.06.48 multi", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-22299" }, { "db": "JVNDB", "id": "JVNDB-2022-004279" }, { "db": "NVD", "id": "CVE-2021-44971" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.48_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44971" } ] }, "cve": "CVE-2021-44971", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-44971", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2022-22299", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-44971", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44971", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-22299", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202201-2607", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-22299" }, { "db": "JVNDB", "id": "JVNDB-2022-004279" }, { "db": "CNNVD", "id": "CNNVD-202201-2607" }, { "db": "NVD", "id": "CVE-2021-44971" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. AC15V1.0 and AC5V1.0 An improper comparison vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 
The Tenda AC15 is a wireless router from the Chinese company Tenda", "sources": [ { "db": "NVD", "id": "CVE-2021-44971" }, { "db": "JVNDB", "id": "JVNDB-2022-004279" }, { "db": "CNVD", "id": "CNVD-2022-22299" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44971", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2022-004279", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-22299", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202201-2607", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-22299" }, { "db": "JVNDB", "id": "JVNDB-2022-004279" }, { "db": "CNNVD", "id": "CNNVD-202201-2607" }, { "db": "NVD", "id": "CVE-2021-44971" } ] }, "id": "VAR-202201-1106", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-22299" } ], "trust": 1.4106146000000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-22299" } ] }, "last_update_date": "2024-02-14T22:58:52.351000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://tenda.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004279" } ] }, 
"problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-697", "trust": 1.0 }, { "problemtype": "Inappropriate comparison (CWE-697) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004279" }, { "db": "NVD", "id": "CVE-2021-44971" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://github.com/21gun5/my_cve/blob/main/tenda/bypass_auth.md" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44971" }, { "trust": 1.6, "url": "http://ac15v10.com" }, { "trust": 1.6, "url": "http://tenda.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-22299" }, { "db": "JVNDB", "id": "JVNDB-2022-004279" }, { "db": "CNNVD", "id": "CNNVD-202201-2607" }, { "db": "NVD", "id": "CVE-2021-44971" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-22299" }, { "db": "JVNDB", "id": "JVNDB-2022-004279" }, { "db": "CNNVD", "id": "CNNVD-202201-2607" }, { "db": "NVD", "id": "CVE-2021-44971" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-24T00:00:00", "db": "CNVD", "id": "CNVD-2022-22299" }, { "date": "2023-04-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-004279" }, { "date": "2022-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-2607" }, { "date": "2022-01-28T19:15:07.963000", "db": "NVD", "id": "CVE-2021-44971" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-24T00:00:00", "db": "CNVD", "id": "CNVD-2022-22299" }, { "date": "2023-04-04T05:01:00", "db": "JVNDB", "id": "JVNDB-2022-004279" }, { "date": "2022-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-2607" }, { "date": "2024-02-14T01:17:43.863000", "db": "NVD", "id": "CVE-2021-44971" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-2607" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "AC15V1.0\u00a0 and \u00a0AC5V1.0\u00a0 Improper Comparison Vulnerability in Firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-004279" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-2607" } ], "trust": 0.6 } }
var-202304-1953
Vulnerability from variot
Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. An out-of-bounds write vulnerability exists in the firmware of the AC15 from Shenzhen Tenda Technology Co.,Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-1953", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 
15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43044" }, { "db": "JVNDB", "id": "JVNDB-2023-008843" }, { "db": "NVD", "id": "CVE-2023-30369" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30369" } ] }, "cve": "CVE-2023-30369", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2023-43044", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], 
"cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-30369", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30369", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2023-43044", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202304-1900", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43044" }, { "db": "JVNDB", "id": "JVNDB-2023-008843" }, { "db": "NVD", "id": "CVE-2023-30369" }, { "db": "CNNVD", "id": "CNNVD-202304-1900" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. Shenzhen Tenda Technology Co.,Ltd. of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-30369" }, { "db": "JVNDB", "id": "JVNDB-2023-008843" }, { "db": "CNVD", "id": "CNVD-2023-43044" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30369", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2023-008843", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-43044", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202304-1900", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43044" }, { "db": "JVNDB", "id": "JVNDB-2023-008843" }, { "db": "NVD", "id": "CVE-2023-30369" }, { "db": "CNNVD", "id": "CNNVD-202304-1900" } ] }, "id": "VAR-202304-1953", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-43044" } ], "trust": 1.0924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43044" } ] }, "last_update_date": "2023-12-18T14:03:21.588000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008843" }, { "db": "NVD", 
"id": "CVE-2023-30369" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://github.com/2205794866/tenda/blob/main/ac15/3.md" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30369" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-30369/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-43044" }, { "db": "JVNDB", "id": "JVNDB-2023-008843" }, { "db": "NVD", "id": "CVE-2023-30369" }, { "db": "CNNVD", "id": "CNNVD-202304-1900" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-43044" }, { "db": "JVNDB", "id": "JVNDB-2023-008843" }, { "db": "NVD", "id": "CVE-2023-30369" }, { "db": "CNNVD", "id": "CNNVD-202304-1900" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-02T00:00:00", "db": "CNVD", "id": "CNVD-2023-43044" }, { "date": "2023-12-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008843" }, { "date": "2023-04-24T14:15:07.903000", "db": "NVD", "id": "CVE-2023-30369" }, { "date": "2023-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1900" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-01T00:00:00", "db": "CNVD", "id": "CNVD-2023-43044" }, { "date": "2023-12-04T03:16:00", "db": "JVNDB", "id": "JVNDB-2023-008843" }, { "date": "2023-04-28T02:54:22.400000", "db": "NVD", "id": "CVE-2023-30369" }, { "date": "2023-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1900" } ] }, "threat_type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1900" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008843" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1900" } ], "trust": 0.6 } }
var-202007-0065
Vulnerability from variot
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. Tenda AC15 AC1900 contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC15 AC1900 is a wireless router made by the Chinese company Tenda.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0065", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.8, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15 ac1900", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41511" }, { "db": 
"JVNDB", "id": "JVNDB-2020-007727" }, { "db": "NVD", "id": "CVE-2020-10988" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10988" } ] }, "cve": "CVE-2020-10988", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2020-007727", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2020-41511", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-007727", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10988", "trust": 1.0, "value": "CRITICAL" }, { 
"author": "NVD", "id": "JVNDB-2020-007727", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-41511", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-565", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41511" }, { "db": "JVNDB", "id": "JVNDB-2020-007727" }, { "db": "NVD", "id": "CVE-2020-10988" }, { "db": "CNNVD", "id": "CNNVD-202007-565" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. Tenda AC15 AC1900 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. 
Tenda AC15 AC1900 is a wireless router of China Tenda (Tenda) company", "sources": [ { "db": "NVD", "id": "CVE-2020-10988" }, { "db": "JVNDB", "id": "JVNDB-2020-007727" }, { "db": "CNVD", "id": "CNVD-2020-41511" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10988", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2020-007727", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-41511", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48172", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-565", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41511" }, { "db": "JVNDB", "id": "JVNDB-2020-007727" }, { "db": "NVD", "id": "CVE-2020-10988" }, { "db": "CNNVD", "id": "CNNVD-202007-565" } ] }, "id": "VAR-202007-0065", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-41511" } ], "trust": 1.3462292 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41511" } ] }, "last_update_date": "2023-12-18T11:58:13.622000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.tenda.cz/" } ], "sources": [ { "db": "JVNDB", 
"id": "JVNDB-2020-007727" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-798", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007727" }, { "db": "NVD", "id": "CVE-2020-10988" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10988" }, { "trust": 1.6, "url": "https://www.ise.io/research/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10988" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48172" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41511" }, { "db": "JVNDB", "id": "JVNDB-2020-007727" }, { "db": "NVD", "id": "CVE-2020-10988" }, { "db": "CNNVD", "id": "CNNVD-202007-565" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-41511" }, { "db": "JVNDB", "id": "JVNDB-2020-007727" }, { "db": "NVD", "id": "CVE-2020-10988" }, { "db": "CNNVD", "id": "CNNVD-202007-565" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-22T00:00:00", "db": "CNVD", "id": "CNVD-2020-41511" }, { "date": "2020-08-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007727" }, { "date": "2020-07-13T19:15:12.270000", "db": "NVD", "id": "CVE-2020-10988" }, { "date": "2020-07-13T00:00:00", "db": "CNNVD", "id": 
"CNNVD-202007-565" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-22T00:00:00", "db": "CNVD", "id": "CNVD-2020-41511" }, { "date": "2020-08-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007727" }, { "date": "2020-07-15T19:59:58.710000", "db": "NVD", "id": "CVE-2020-10988" }, { "date": "2020-08-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-565" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-565" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 AC1900 trust management issue vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-41511" }, { "db": "CNNVD", "id": "CNNVD-202007-565" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-565" } ], "trust": 0.6 } }
var-202211-1523
Vulnerability from variot
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic. Tenda AC15 is a wireless router made by the Chinese company Tenda. The vulnerability exists because the fromSetRouteStatic function does not check the length of the input data. Attackers can use the vulnerability to launch a denial of service attack.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1523", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.18" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87025" }, { "db": "NVD", "id": 
"CVE-2022-44168" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-44168" } ] }, "cve": "CVE-2022-44168", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2022-87025", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": 
"HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-44168", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-87025", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-3223", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87025" }, { "db": "NVD", "id": "CVE-2022-44168" }, { "db": "CNNVD", "id": "CNNVD-202211-3223" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.. Tenda AC15 is a wireless router made by China Tenda Company. The vulnerability is caused by the fact that the fromSetRouteStatic function does not check the length of the input data. 
Attackers can use the vulnerability to launch a denial of service attack", "sources": [ { "db": "NVD", "id": "CVE-2022-44168" }, { "db": "CNVD", "id": "CNVD-2022-87025" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-44168", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2022-87025", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202211-3223", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87025" }, { "db": "NVD", "id": "CVE-2022-44168" }, { "db": "CNNVD", "id": "CNNVD-202211-3223" } ] }, "id": "VAR-202211-1523", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-87025" } ], "trust": 1.0924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87025" } ] }, "last_update_date": "2023-12-18T13:46:22.552000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-44168" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://github.com/robinwang825/iot_vuln/tree/main/tenda/ac15/fromsetroutestatic" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-44168/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87025" }, { "db": "NVD", "id": "CVE-2022-44168" }, { "db": "CNNVD", "id": "CNNVD-202211-3223" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-87025" }, { "db": "NVD", "id": "CVE-2022-44168" }, { "db": "CNNVD", "id": "CNNVD-202211-3223" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-08T00:00:00", "db": "CNVD", "id": "CNVD-2022-87025" }, { "date": "2022-11-21T15:15:10.857000", "db": "NVD", "id": "CVE-2022-44168" }, { "date": "2022-11-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-3223" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-12T00:00:00", "db": "CNVD", "id": "CNVD-2022-87025" }, { "date": "2022-11-21T20:31:04.483000", "db": "NVD", "id": "CVE-2022-44168" }, { "date": "2022-11-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-3223" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-3223" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 fromSetRouteStatic function buffer overflow vulnerability", "sources": [ { "db": "CNVD", 
"id": "CNVD-2022-87025" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-3223" } ], "trust": 0.6 } }
var-202403-0791
Vulnerability from variot
A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi (the structured record for this entry lists the affected firmware version as 15.03.05.20_multi). Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A stack-based buffer overflow vulnerability exists in the firmware of the AC15 from Shenzhen Tenda Technology Co.,Ltd. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0791", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 
firmware 15.03.05.20 multi" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003036" }, { "db": "NVD", "id": "CVE-2024-2815" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2815" } ] }, "cve": "CVE-2024-2815", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2815", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2815", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2815", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003036" }, { "db": "NVD", "id": "CVE-2024-2815" }, { "db": "NVD", "id": "CVE-2024-2815" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2024-2815" }, { "db": "JVNDB", "id": "JVNDB-2024-003036" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2815", "trust": 2.6 }, { "db": "VULDB", "id": "257670", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003036", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003036" }, { "db": "NVD", "id": "CVE-2024-2815" } ] }, "id": "VAR-202403-0791", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T23:12:32.619000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003036" }, { "db": "NVD", "id": "CVE-2024-2815" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v15.03.05.18/r7webssecurityhandler.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257670" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257670" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2815" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003036" }, { "db": "NVD", "id": "CVE-2024-2815" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003036" }, { "db": "NVD", "id": "CVE-2024-2815" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003036" }, { "date": "2024-03-22T08:15:09.750000", "db": "NVD", "id": "CVE-2024-2815" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T01:20:00", "db": "JVNDB", "id": "JVNDB-2024-003036" }, { "date": "2024-05-17T02:38:31.990000", "db": "NVD", "id": "CVE-2024-2815" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Stack-based buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003036" } ], "trust": 0.8 } }
var-201810-0278
Vulnerability from variot
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a POST request, the value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of the function. Multiple Tenda products contain a buffer error vulnerability. There is a possibility of being put into a service operation interruption (DoS) state. Tenda AC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products that an attacker can exploit to cause a denial of service (by overwriting the function's return address). The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19(6318)_CN.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0278", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac10", "scope": "eq", "trust": 1.8, "vendor": "tenda", "version": "15.03.06.23_cn" }, { "model": "ac15", "scope": "eq", "trust": 1.8, "vendor": "tenda", "version": "15.03.05.19_cn" }, { "model": "ac7", "scope": "eq", "trust": 1.8, "vendor": "tenda", 
"version": "15.03.06.44_cn" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac7 v15.03.06.44 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac9 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac10 v15.03.06.23 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01883" }, { "db": "JVNDB", "id": "JVNDB-2018-013979" }, { "db": "NVD", "id": "CVE-2018-18732" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": 
[ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18732" } ] }, "cve": "CVE-2018-18732", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18732", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-01883", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-129321", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 
7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18732", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18732", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-01883", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201810-1359", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-129321", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01883" }, { "db": "VULHUB", "id": "VHN-129321" }, { "db": "JVNDB", "id": "JVNDB-2018-013979" }, { "db": "NVD", "id": "CVE-2018-18732" }, { "db": "CNNVD", "id": "CNNVD-201810-1359" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027ntpServer\u0027 parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. 
plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products that an attacker can exploit to cause a denial of service (the return address of the override function). The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version", "sources": [ { "db": "NVD", "id": "CVE-2018-18732" }, { "db": "JVNDB", "id": "JVNDB-2018-013979" }, { "db": "CNVD", "id": "CNVD-2019-01883" }, { "db": "VULHUB", "id": "VHN-129321" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18732", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2018-013979", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1359", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-01883", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-129321", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01883" }, { "db": "VULHUB", "id": "VHN-129321" }, { "db": "JVNDB", "id": "JVNDB-2018-013979" }, { "db": "NVD", "id": "CVE-2018-18732" }, { "db": "CNNVD", "id": "CNNVD-201810-1359" } ] }, "id": "VAR-201810-0278", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-01883" }, { "db": "VULHUB", "id": "VHN-129321" } ], "trust": 1.4927520825 }, "iot_taxonomy": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01883" } ] }, "last_update_date": "2023-12-18T13:28:46.944000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013979" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-129321" }, { "db": "JVNDB", "id": "JVNDB-2018-013979" }, { "db": "NVD", "id": "CVE-2018-18732" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/zillr0/routers/blob/master/tenda/stack2.md" }, { "trust": 1.4, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18732" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18732" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01883" }, { "db": "VULHUB", "id": "VHN-129321" }, { "db": "JVNDB", "id": "JVNDB-2018-013979" }, { "db": "NVD", "id": "CVE-2018-18732" }, { "db": "CNNVD", "id": "CNNVD-201810-1359" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, 
"data": [ { "db": "CNVD", "id": "CNVD-2019-01883" }, { "db": "VULHUB", "id": "VHN-129321" }, { "db": "JVNDB", "id": "JVNDB-2018-013979" }, { "db": "NVD", "id": "CVE-2018-18732" }, { "db": "CNNVD", "id": "CNNVD-201810-1359" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01883" }, { "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-129321" }, { "date": "2019-03-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013979" }, { "date": "2018-10-29T12:29:07.960000", "db": "NVD", "id": "CVE-2018-18732" }, { "date": "2018-10-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1359" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01883" }, { "date": "2019-01-29T00:00:00", "db": "VULHUB", "id": "VHN-129321" }, { "date": "2019-03-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013979" }, { "date": "2019-01-29T17:04:35.727000", "db": "NVD", "id": "CVE-2018-18732" }, { "date": "2019-04-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1359" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1359" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013979" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1359" } ], "trust": 0.6 } }
var-202209-1794
Vulnerability from variot
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet. An out-of-bounds write vulnerability exists in Tenda AC15 firmware and AC18 firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Both the Tenda AC15 and Tenda AC18 are products of the Chinese company Tenda. Tenda AC15 is a wireless router. Tenda AC18 is a router. The vulnerability stems from the fact that the setSmartPowerManagement function does not check the size of the input data in the time parameter when handling the request /goform/PowerSaveSet. Attackers can exploit the vulnerability to cause remote code execution or denial of service.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1794", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac18", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac18", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88197" }, { "db": "JVNDB", "id": "JVNDB-2022-017555" }, { "db": "NVD", "id": "CVE-2022-40864" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-40864" } ] }, "cve": "CVE-2022-40864", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2022-88197", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-40864", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-40864", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-88197", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202209-2392", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88197" }, { "db": "JVNDB", "id": "JVNDB-2022-017555" }, { "db": "NVD", "id": "CVE-2022-40864" }, { "db": 
"CNNVD", "id": "CNNVD-202209-2392" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet. Tenda of AC15 firmware and AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both the Tenda AC15 and Tenda AC18 are products of the Chinese company Tenda. Tenda AC15 is a wireless router. Tenda AC18 is a router. The vulnerability stems from the fact that the parameter time of the setSmartPowerManagement method does not check the size of the input data when the method contains the request /goform/PowerSaveSet. Attackers can exploit the vulnerability to cause remote code execution or Denial of service", "sources": [ { "db": "NVD", "id": "CVE-2022-40864" }, { "db": "JVNDB", "id": "JVNDB-2022-017555" }, { "db": "CNVD", "id": "CNVD-2022-88197" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-40864", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2022-017555", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-88197", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202209-2392", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88197" }, { "db": "JVNDB", "id": "JVNDB-2022-017555" }, { "db": "NVD", "id": "CVE-2022-40864" }, { "db": "CNNVD", "id": "CNNVD-202209-2392" } ] }, "id": "VAR-202209-1794", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-88197" } ], "trust": 1.0468541999999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88197" } ] }, "last_update_date": "2023-12-18T13:59:30.969000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 and AC18 setSmartPowerManagement stack overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/372536" }, { "title": "Tenda AC15 and Tenda AC18 Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=208894" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88197" }, { "db": "CNNVD", "id": "CNNVD-202209-2392" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017555" }, { "db": "NVD", "id": "CVE-2022-40864" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": 
"https://github.com/cpseek/router-vuls/blob/main/tenda/ac18/setsmartpowermanagement.md" }, { "trust": 2.4, "url": "https://github.com/cpseek/router-vuls/blob/main/tenda/ac15/setsmartpowermanagement.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40864" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-40864/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88197" }, { "db": "JVNDB", "id": "JVNDB-2022-017555" }, { "db": "NVD", "id": "CVE-2022-40864" }, { "db": "CNNVD", "id": "CNNVD-202209-2392" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-88197" }, { "db": "JVNDB", "id": "JVNDB-2022-017555" }, { "db": "NVD", "id": "CVE-2022-40864" }, { "db": "CNNVD", "id": "CNNVD-202209-2392" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-17T00:00:00", "db": "CNVD", "id": "CNVD-2022-88197" }, { "date": "2023-10-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-017555" }, { "date": "2022-09-23T14:15:13.303000", "db": "NVD", "id": "CVE-2022-40864" }, { "date": "2022-09-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2392" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-18T00:00:00", "db": "CNVD", "id": "CNVD-2022-88197" }, { "date": "2023-10-13T08:42:00", "db": "JVNDB", "id": "JVNDB-2022-017555" }, { "date": "2022-09-23T20:25:59.923000", "db": "NVD", "id": "CVE-2022-40864" }, { "date": "2022-09-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2392" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": 
[ { "db": "CNNVD", "id": "CNNVD-202209-2392" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda\u00a0 of \u00a0AC15\u00a0 firmware and \u00a0AC18\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017555" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2392" } ], "trust": 0.6 } }
var-201711-0574
Vulnerability from variot
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring. The Shenzhen Tenda Ac9, Ac15, and Ac18 devices contain a path traversal vulnerability; information may be obtained. The Shenzhen Tenda Ac9 and the other listed devices are wireless router products from Tenda. App_data_center is one of the application data centers on these devices. A directory traversal vulnerability exists in app_data_center in several Shenzhen Tenda products. A remote attacker can exploit this vulnerability to read arbitrary files. The following products and versions are affected: Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn. The sources in the record below disagree on reachability: NVD scores the issue as adjacent-network (CVSS v3.0 base 6.5, AV:A), while CNVD's CVSS v2 vector is AV:N (base 5.0), so check both when prioritising.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0574", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "us_ac15v1.0br_v15.03.05.18_multi_td01" }, { "model": "ac15", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "us_ac15v1.0br_v15.03.05.19_multi_td01" }, { "model": "ac18", "scope": 
"eq", "trust": 2.4, "vendor": "tenda", "version": "us_ac18v1.0br_v15.03.05.05_multi_td01" }, { "model": "ac9", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "us_ac9v1.0br_v15.03.05.14_multi_td01" }, { "model": "ac9", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "ac9_kf_v15.03.05.19\\(6318_\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "ac18_kf_v15.03.05.19\\(6318_\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac18_kf_v15.03.05.19(6318_)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac9_kf_v15.03.05.19(6318_)_cn" }, { "model": "tenda technology co.,ltd. ac9 us_ac9v1.0br_v15.03.05.14_multi_td01", "scope": null, "trust": 0.6, "vendor": "", "version": null }, { "model": "tenda technology co.,ltd. ac9 ac9_kf_v15.03.05.19 _cn", "scope": null, "trust": 0.6, "vendor": "", "version": null }, { "model": "tenda technology co.,ltd. ac15 us_ac15v1.0br_v15.03.05.18_multi_td01", "scope": null, "trust": 0.6, "vendor": "", "version": null }, { "model": "tenda technology co.,ltd. ac15 us_ac15v1.0br_v15.03.05.19_multi_td01", "scope": null, "trust": 0.6, "vendor": "", "version": null }, { "model": "tenda technology co.,ltd. ac18 us_ac18v1.0br_v15.03.05.05_multi_td01", "scope": null, "trust": 0.6, "vendor": "", "version": null }, { "model": "tenda technology co.,ltd. 
ac18 ac18 ac18_kf_v15.03.05.19 _cn", "scope": null, "trust": 0.6, "vendor": "", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-35381" }, { "db": "JVNDB", "id": "JVNDB-2017-010756" }, { "db": "NVD", "id": "CVE-2017-16936" }, { "db": "CNNVD", "id": "CNNVD-201711-1055" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:us_ac9v1.0br_v15.03.05.14_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:ac9_kf_v15.03.05.19\\(6318_\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.18_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:us_ac15v1.0br_v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], 
"cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:us_ac18v1.0br_v15.03.05.05_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:ac18_kf_v15.03.05.19\\(6318_\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-16936" } ] }, "cve": "CVE-2017-16936", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.5, "impactScore": 2.9, 
"integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2017-16936", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-35381", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.5, "id": "VHN-107908", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 
"version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-16936", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-16936", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-35381", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201711-1055", "trust": 0.6, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-107908", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-35381" }, { "db": "VULHUB", "id": "VHN-107908" }, { "db": "JVNDB", "id": "JVNDB-2017-010756" }, { "db": "NVD", "id": "CVE-2017-16936" }, { "db": "CNNVD", "id": "CNNVD-201711-1055" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1\u0026path= URI that uses directory traversal sequences after a /usb/ substring. Shenzhen Tenda Ac9 , Ac15 ,and Ac18 The device contains a path traversal vulnerability.Information may be obtained. ShenzhenTendaAc9 and other are the wireless router products of Tenda. 
App_data_center is one of the application data centers. A directory traversal vulnerability exists in app_data_center in several ShenzhenTenda products. A remote attacker can exploit this vulnerability to read arbitrary files. The following products and versions are affected: Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01 Version, Ac9 ac9_kf_V15.03.05.19(6318_)_cn Version, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01 Version, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01 Version , Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01 version, Ac18 ac18_kf_V15.03.05.19(6318_)_cn version", "sources": [ { "db": "NVD", "id": "CVE-2017-16936" }, { "db": "JVNDB", "id": "JVNDB-2017-010756" }, { "db": "CNVD", "id": "CNVD-2017-35381" }, { "db": "VULHUB", "id": "VHN-107908" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-16936", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2017-010756", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201711-1055", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2017-35381", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-107908", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-35381" }, { "db": "VULHUB", "id": "VHN-107908" }, { "db": "JVNDB", "id": "JVNDB-2017-010756" }, { "db": "NVD", "id": "CVE-2017-16936" }, { "db": "CNNVD", "id": "CNNVD-201711-1055" } ] }, "id": "VAR-201711-0574", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2017-35381" }, { "db": "VULHUB", "id": "VHN-107908" } ], "trust": 1.1473388866666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { 
"@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-35381" } ] }, "last_update_date": "2023-12-18T13:08:41.193000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://tendacn.com/en/default.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010756" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-107908" }, { "db": "JVNDB", "id": "JVNDB-2017-010756" }, { "db": "NVD", "id": "CVE-2017-16936" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://github.com/iolop/poc/tree/master/router/tenda" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16936" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16936" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-35381" }, { "db": "VULHUB", "id": "VHN-107908" }, { "db": "JVNDB", "id": "JVNDB-2017-010756" }, { "db": "NVD", "id": "CVE-2017-16936" }, { "db": "CNNVD", "id": "CNNVD-201711-1055" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2017-35381" }, { 
"db": "VULHUB", "id": "VHN-107908" }, { "db": "JVNDB", "id": "JVNDB-2017-010756" }, { "db": "NVD", "id": "CVE-2017-16936" }, { "db": "CNNVD", "id": "CNNVD-201711-1055" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-29T00:00:00", "db": "CNVD", "id": "CNVD-2017-35381" }, { "date": "2017-11-24T00:00:00", "db": "VULHUB", "id": "VHN-107908" }, { "date": "2017-12-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010756" }, { "date": "2017-11-24T07:29:00.350000", "db": "NVD", "id": "CVE-2017-16936" }, { "date": "2017-11-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-1055" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-29T00:00:00", "db": "CNVD", "id": "CNVD-2017-35381" }, { "date": "2017-12-12T00:00:00", "db": "VULHUB", "id": "VHN-107908" }, { "date": "2017-12-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010756" }, { "date": "2017-12-12T16:04:56.777000", "db": "NVD", "id": "CVE-2017-16936" }, { "date": "2017-11-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-1055" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "specific network environment", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-1055" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Shenzhen Tenda Path traversal vulnerability in devices", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010756" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-1055" } ], "trust": 0.6 } }
var-202304-2059
Vulnerability from variot
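In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability. An out-of-bounds write vulnerability exists in the AC15 firmware from Shenzhen Tenda Technology Co.,Ltd. As a result, information may be obtained or tampered with, and service operation may be interrupted (DoS). The record below classifies the weakness as CWE-787 and carries an NVD CVSS v3.1 base score of 9.8 (AV:N, PR:N, UI:N); the part of the record shown lists no patch reference.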
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-2059", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 
15.03.05.19" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008959" }, { "db": "NVD", "id": "CVE-2023-30376" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30376" } ] }, "cve": "CVE-2023-30376", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": 
"3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-30376", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30376", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202304-1886", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008959" }, { "db": "NVD", "id": "CVE-2023-30376" }, { "db": "CNNVD", "id": "CNNVD-202304-1886" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Tenda AC15 V15.03.05.19, the function \"henan_pppoe_user\" contains a stack-based buffer overflow vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-30376" }, { "db": "JVNDB", "id": "JVNDB-2023-008959" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30376", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2023-008959", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202304-1886", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008959" }, { "db": "NVD", "id": "CVE-2023-30376" }, { "db": "CNNVD", "id": "CNNVD-202304-1886" } ] }, "id": "VAR-202304-2059", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4924584 }, "last_update_date": "2023-12-18T13:41:28.590000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008959" }, { "db": "NVD", "id": "CVE-2023-30376" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://github.com/2205794866/tenda/blob/main/ac15/9.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30376" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-30376/" } ], 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008959" }, { "db": "NVD", "id": "CVE-2023-30376" }, { "db": "CNNVD", "id": "CNNVD-202304-1886" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-008959" }, { "db": "NVD", "id": "CVE-2023-30376" }, { "db": "CNNVD", "id": "CNNVD-202304-1886" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008959" }, { "date": "2023-04-24T15:15:09.180000", "db": "NVD", "id": "CVE-2023-30376" }, { "date": "2023-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1886" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T06:13:00", "db": "JVNDB", "id": "JVNDB-2023-008959" }, { "date": "2023-04-28T02:54:59.670000", "db": "NVD", "id": "CVE-2023-30376" }, { "date": "2023-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1886" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1886" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008959" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1886" } ], "trust": 0.6 } }
var-201803-2167
Vulnerability from variot
A remote, unauthenticated attacker can gain remote code execution on the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. The Tenda AC15 router contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). The Tenda AC15 is a wireless router product from Tenda. There is a security hole in the Tenda AC15 router. Note: the first sentence describes code execution through a crafted cookie value, while the record's classification (CWE-798) and its reference URL concern hard-coded accounts; confirm against the linked sources which flaw CVE-2018-5768 covers before triaging.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2167", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.6, "vendor": "tendacn", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15 router", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], 
"sources": [ { "db": "CNVD", "id": "CNVD-2018-06266" }, { "db": "JVNDB", "id": "JVNDB-2018-003362" }, { "db": "NVD", "id": "CVE-2018-5768" }, { "db": "CNNVD", "id": "CNNVD-201803-701" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-5768" } ] }, "cve": "CVE-2018-5768", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, 
"severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2018-5768", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-06266", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-135800", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": 
"High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-5768", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-5768", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2018-06266", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201803-701", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-135800", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-5768", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-06266" }, { "db": "VULHUB", "id": "VHN-135800" }, { "db": "VULMON", "id": "CVE-2018-5768" }, { "db": "JVNDB", "id": "JVNDB-2018-003362" }, { "db": "NVD", "id": "CVE-2018-5768" }, { "db": "CNNVD", "id": "CNNVD-201803-701" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. Tenda AC15 The router contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC15router is a wireless router product from Tenda. 
There is a security hole in the TendaAC15 router", "sources": [ { "db": "NVD", "id": "CVE-2018-5768" }, { "db": "JVNDB", "id": "JVNDB-2018-003362" }, { "db": "CNVD", "id": "CNVD-2018-06266" }, { "db": "VULHUB", "id": "VHN-135800" }, { "db": "VULMON", "id": "CVE-2018-5768" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-5768", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2018-003362", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2018-06266", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201803-701", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-135800", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-5768", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-06266" }, { "db": "VULHUB", "id": "VHN-135800" }, { "db": "VULMON", "id": "CVE-2018-5768" }, { "db": "JVNDB", "id": "JVNDB-2018-003362" }, { "db": "NVD", "id": "CVE-2018-5768" }, { "db": "CNNVD", "id": "CNNVD-201803-701" } ] }, "id": "VAR-201803-2167", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-06266" }, { "db": "VULHUB", "id": "VHN-135800" } ], "trust": 1.4462291999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-06266" } ] }, "last_update_date": "2023-12-18T12:02:26.290000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", 
"data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "AC15", "trust": 0.8, "url": "http://tendacn.com/en/product/ac15.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003362" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-798", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-135800" }, { "db": "JVNDB", "id": "JVNDB-2018-003362" }, { "db": "NVD", "id": "CVE-2018-5768" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "https://www.fidusinfosec.com/tenda-ac15-hard-coded-accounts-cve-2018-5768/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5768" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5768" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/798.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-06266" }, { "db": "VULHUB", "id": "VHN-135800" }, { "db": "VULMON", "id": "CVE-2018-5768" }, { "db": "JVNDB", "id": "JVNDB-2018-003362" }, { "db": "NVD", "id": "CVE-2018-5768" }, { "db": "CNNVD", "id": "CNNVD-201803-701" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2018-06266" }, { "db": "VULHUB", "id": "VHN-135800" }, { "db": "VULMON", "id": "CVE-2018-5768" }, { "db": "JVNDB", "id": "JVNDB-2018-003362" }, { "db": "NVD", "id": "CVE-2018-5768" }, { "db": "CNNVD", "id": "CNNVD-201803-701" } ] }, 
"sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-26T00:00:00", "db": "CNVD", "id": "CNVD-2018-06266" }, { "date": "2018-03-20T00:00:00", "db": "VULHUB", "id": "VHN-135800" }, { "date": "2018-03-20T00:00:00", "db": "VULMON", "id": "CVE-2018-5768" }, { "date": "2018-05-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003362" }, { "date": "2018-03-20T19:29:00.210000", "db": "NVD", "id": "CVE-2018-5768" }, { "date": "2018-03-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-701" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-26T00:00:00", "db": "CNVD", "id": "CNVD-2018-06266" }, { "date": "2018-04-18T00:00:00", "db": "VULHUB", "id": "VHN-135800" }, { "date": "2018-04-18T00:00:00", "db": "VULMON", "id": "CVE-2018-5768" }, { "date": "2018-05-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003362" }, { "date": "2018-04-18T13:46:59.930000", "db": "NVD", "id": "CVE-2018-5768" }, { "date": "2018-03-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-701" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-701" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 Vulnerabilities related to the use of hard-coded credentials in routers", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003362" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-701" } ], "trust": 0.6 } }
var-202304-2164
Vulnerability from variot
In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. The AC15 firmware from Shenzhen Tenda Technology Co., Ltd. contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-2164", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 
15.03.05.19" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008965" }, { "db": "NVD", "id": "CVE-2023-30370" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30370" } ] }, "cve": "CVE-2023-30370", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": 
"3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-30370", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30370", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202304-1893", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008965" }, { "db": "NVD", "id": "CVE-2023-30370" }, { "db": "CNNVD", "id": "CNNVD-202304-1893" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-30370" }, { "db": "JVNDB", "id": "JVNDB-2023-008965" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30370", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2023-008965", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202304-1893", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008965" }, { "db": "NVD", "id": "CVE-2023-30370" }, { "db": "CNNVD", "id": "CNNVD-202304-1893" } ] }, "id": "VAR-202304-2164", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4924584 }, "last_update_date": "2023-12-18T13:21:45.725000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008965" }, { "db": "NVD", "id": "CVE-2023-30370" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://github.com/2205794866/tenda/blob/main/ac15/7.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30370" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-30370/" } ], 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008965" }, { "db": "NVD", "id": "CVE-2023-30370" }, { "db": "CNNVD", "id": "CNNVD-202304-1893" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-008965" }, { "db": "NVD", "id": "CVE-2023-30370" }, { "db": "CNNVD", "id": "CNNVD-202304-1893" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008965" }, { "date": "2023-04-24T15:15:08.967000", "db": "NVD", "id": "CVE-2023-30370" }, { "date": "2023-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1893" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T06:25:00", "db": "JVNDB", "id": "JVNDB-2023-008965" }, { "date": "2023-04-28T02:54:30.690000", "db": "NVD", "id": "CVE-2023-30370" }, { "date": "2023-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1893" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1893" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008965" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1893" } ], "trust": 0.6 } }
var-202403-0832
Vulnerability from variot
A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi (the structured record below lists the second version as 15.03.05.20_multi). Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The AC15 firmware from Shenzhen Tenda Technology Co., Ltd. contains a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0832", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.20 multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003042" }, { "db": "NVD", "id": "CVE-2024-2809" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2809" } ] }, "cve": "CVE-2024-2809", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2809", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2809", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": 
"CVE-2024-2809", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003042" }, { "db": "NVD", "id": "CVE-2024-2809" }, { "db": "NVD", "id": "CVE-2024-2809" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2024-2809" }, { "db": "JVNDB", "id": "JVNDB-2024-003042" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2809", "trust": 2.6 }, { "db": "VULDB", "id": "257664", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003042", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003042" }, { "db": "NVD", "id": "CVE-2024-2809" } ] }, "id": "VAR-202403-0832", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T23:07:49.929000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003042" }, { "db": "NVD", "id": "CVE-2024-2809" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/formsetfirewallcfg.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257664" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257664" }, { "trust": 0.8, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2024-2809" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003042" }, { "db": "NVD", "id": "CVE-2024-2809" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003042" }, { "db": "NVD", "id": "CVE-2024-2809" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003042" }, { "date": "2024-03-22T06:15:08.747000", "db": "NVD", "id": "CVE-2024-2809" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T01:30:00", "db": "JVNDB", "id": "JVNDB-2024-003042" }, { "date": "2024-05-17T02:38:31.340000", "db": "NVD", "id": "CVE-2024-2809" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Stack-based buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003042" } ], "trust": 0.8 } }
var-202007-0959
Vulnerability from variot
The goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. An OS command injection vulnerability exists on Tenda AC15 devices. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC15 AC1900 is a wireless router from the Chinese company Tenda.
The goform/AdvSetLanip endpoint in Tenda AC15 AC1900 version 15.03.05.19 has security vulnerabilities.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0959", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.8, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15 ac1900", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-42248" }, { "db": 
"JVNDB", "id": "JVNDB-2020-008663" }, { "db": "NVD", "id": "CVE-2020-15916" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-15916" } ] }, "cve": "CVE-2020-15916", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2020-008663", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "CNVD-2020-42248", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008663", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-15916", "trust": 1.0, "value": "CRITICAL" }, { 
"author": "NVD", "id": "JVNDB-2020-008663", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-42248", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202007-1412", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-42248" }, { "db": "JVNDB", "id": "JVNDB-2020-008663" }, { "db": "NVD", "id": "CVE-2020-15916" }, { "db": "CNNVD", "id": "CNNVD-202007-1412" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. Tenda AC15 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC15 AC1900 is a wireless router of China Tenda Company. 
\n\r\n\r\nTenda AC15 AC1900 15.03.05.19 version of the goform/AdvSetLanip endpoint has security vulnerabilities", "sources": [ { "db": "NVD", "id": "CVE-2020-15916" }, { "db": "JVNDB", "id": "JVNDB-2020-008663" }, { "db": "CNVD", "id": "CNVD-2020-42248" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-15916", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2020-008663", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-42248", "trust": 0.6 }, { "db": "NSFOCUS", "id": "49247", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-1412", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-42248" }, { "db": "JVNDB", "id": "JVNDB-2020-008663" }, { "db": "NVD", "id": "CVE-2020-15916" }, { "db": "CNNVD", "id": "CNNVD-202007-1412" } ] }, "id": "VAR-202007-0959", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-42248" } ], "trust": 1.3462292 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-42248" } ] }, "last_update_date": "2023-12-18T13:23:11.220000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "AC15", "trust": 0.8, "url": 
"https://www.tendacn.com/en/product/ac15.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008663" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008663" }, { "db": "NVD", "id": "CVE-2020-15916" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15916" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15916" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/49247" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-42248" }, { "db": "JVNDB", "id": "JVNDB-2020-008663" }, { "db": "NVD", "id": "CVE-2020-15916" }, { "db": "CNNVD", "id": "CNNVD-202007-1412" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-42248" }, { "db": "JVNDB", "id": "JVNDB-2020-008663" }, { "db": "NVD", "id": "CVE-2020-15916" }, { "db": "CNNVD", "id": "CNNVD-202007-1412" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-26T00:00:00", "db": "CNVD", "id": "CNVD-2020-42248" }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008663" }, { "date": "2020-07-23T18:15:11.763000", "db": "NVD", "id": "CVE-2020-15916" }, { "date": "2020-07-23T00:00:00", "db": 
"CNNVD", "id": "CNNVD-202007-1412" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-26T00:00:00", "db": "CNVD", "id": "CNVD-2020-42248" }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008663" }, { "date": "2020-07-27T16:06:16.737000", "db": "NVD", "id": "CVE-2020-15916" }, { "date": "2020-09-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1412" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1412" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 On the device OS Command injection vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008663" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "operating system commend injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1412" } ], "trust": 0.6 } }
var-201810-0275
Vulnerability from variot
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server, httpd. While processing the 'mac' parameter of a POST request, the value is used directly in a strcpy into a variable placed on the heap, which can leak sensitive information or even hijack program control flow. Multiple Tenda products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Tenda AC7 and the others are wireless router products of Tenda. Httpd is one of the HTTP server components. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19(6318)_CN.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0275", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac10", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.06.23_cn" }, { "model": "ac15", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.05.19_cn" }, { "model": "ac7", "scope": "eq", "trust": 2.4, "vendor": "tenda", 
"version": "15.03.06.44_cn" }, { "model": "ac9", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac7 v15.03.06.44 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac9 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac10 v15.03.06.23 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01886" }, { "db": "JVNDB", "id": "JVNDB-2018-011969" }, { "db": "NVD", "id": "CVE-2018-18729" }, { "db": "CNNVD", "id": "CNNVD-201810-1356" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], 
"operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18729" } ] }, "cve": "CVE-2018-18729", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 8.5, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-18729", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2019-01886", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-129317", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", 
"attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-18729", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18729", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2019-01886", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1356", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-129317", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01886" }, { "db": "VULHUB", "id": "VHN-129317" }, { "db": "JVNDB", "id": "JVNDB-2018-011969" }, { "db": "NVD", "id": "CVE-2018-18729" }, { "db": "CNNVD", "id": "CNNVD-201810-1356" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router\u0027s web server -- httpd. 
While processing the \u0027mac\u0027 parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow. plural Tenda The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version", "sources": [ { "db": "NVD", "id": "CVE-2018-18729" }, { "db": "JVNDB", "id": "JVNDB-2018-011969" }, { "db": "CNVD", "id": "CNVD-2019-01886" }, { "db": "VULHUB", "id": "VHN-129317" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18729", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2018-011969", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1356", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-01886", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-129317", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01886" }, { "db": "VULHUB", "id": "VHN-129317" }, { "db": "JVNDB", "id": "JVNDB-2018-011969" }, { "db": "NVD", "id": "CVE-2018-18729" }, { "db": "CNNVD", "id": "CNNVD-201810-1356" } ] }, "id": "VAR-201810-0275", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-01886" }, { "db": "VULHUB", "id": "VHN-129317" } ], "trust": 
1.4927520825 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01886" } ] }, "last_update_date": "2023-12-18T13:52:32.392000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011969" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-129317" }, { "db": "JVNDB", "id": "JVNDB-2018-011969" }, { "db": "NVD", "id": "CVE-2018-18729" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/zillr0/routers/blob/master/tenda/heapoverflow1.md" }, { "trust": 1.4, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18729" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18729" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01886" }, { "db": "VULHUB", "id": "VHN-129317" }, { "db": "JVNDB", "id": "JVNDB-2018-011969" }, { "db": "NVD", "id": "CVE-2018-18729" }, { "db": "CNNVD", "id": "CNNVD-201810-1356" } ] }, 
"sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-01886" }, { "db": "VULHUB", "id": "VHN-129317" }, { "db": "JVNDB", "id": "JVNDB-2018-011969" }, { "db": "NVD", "id": "CVE-2018-18729" }, { "db": "CNNVD", "id": "CNNVD-201810-1356" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01886" }, { "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-129317" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011969" }, { "date": "2018-10-29T12:29:07.617000", "db": "NVD", "id": "CVE-2018-18729" }, { "date": "2018-10-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1356" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01886" }, { "date": "2019-10-03T00:00:00", "db": "VULHUB", "id": "VHN-129317" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011969" }, { "date": "2019-10-03T00:03:26.223000", "db": "NVD", "id": "CVE-2018-18729" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1356" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1356" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011969" } ], 
"trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1356" } ], "trust": 0.6 } }
var-202007-0066
Vulnerability from variot
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter. A cross-site scripting vulnerability exists in Tenda AC15 AC1900; information may be obtained and tampered with. Tenda AC15 AC1900 is a wireless router made by the Chinese company Tenda. The record below classifies the issue as CWE-79; the NVD CVSS 3.1 vector (base score 6.1, MEDIUM) marks user interaction as required.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0066", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.8, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15 ac1900", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41512" }, { "db": 
"JVNDB", "id": "JVNDB-2020-007728" }, { "db": "NVD", "id": "CVE-2020-10989" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10989" } ] }, "cve": "CVE-2020-10989", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-007728", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CNVD-2020-41512", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2020-007728", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10989", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": 
"JVNDB-2020-007728", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-41512", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202007-567", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41512" }, { "db": "JVNDB", "id": "JVNDB-2020-007728" }, { "db": "NVD", "id": "CVE-2020-10989" }, { "db": "CNNVD", "id": "CNNVD-202007-567" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter. Tenda AC15 AC1900 Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. Tenda AC15 AC1900 is a wireless router of China Tenda (Tenda) company", "sources": [ { "db": "NVD", "id": "CVE-2020-10989" }, { "db": "JVNDB", "id": "JVNDB-2020-007728" }, { "db": "CNVD", "id": "CNVD-2020-41512" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10989", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2020-007728", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-41512", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48175", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-567", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41512" }, { "db": "JVNDB", "id": "JVNDB-2020-007728" }, { "db": "NVD", "id": "CVE-2020-10989" }, { "db": "CNNVD", "id": "CNNVD-202007-567" } ] }, "id": "VAR-202007-0066", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-41512" } ], "trust": 1.3462292 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41512" } ] }, "last_update_date": "2023-12-18T12:49:38.916000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.tenda.cz/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007728" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007728" }, { "db": "NVD", "id": "CVE-2020-10989" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10989" }, { "trust": 1.6, "url": "https://www.ise.io/research/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10989" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48175" } ], "sources": [ { "db": "CNVD", "id": 
"CNVD-2020-41512" }, { "db": "JVNDB", "id": "JVNDB-2020-007728" }, { "db": "NVD", "id": "CVE-2020-10989" }, { "db": "CNNVD", "id": "CNNVD-202007-567" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-41512" }, { "db": "JVNDB", "id": "JVNDB-2020-007728" }, { "db": "NVD", "id": "CVE-2020-10989" }, { "db": "CNNVD", "id": "CNNVD-202007-567" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-22T00:00:00", "db": "CNVD", "id": "CNVD-2020-41512" }, { "date": "2020-08-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007728" }, { "date": "2020-07-13T19:15:12.347000", "db": "NVD", "id": "CVE-2020-10989" }, { "date": "2020-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-567" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-22T00:00:00", "db": "CNVD", "id": "CNVD-2020-41512" }, { "date": "2020-08-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007728" }, { "date": "2020-07-15T12:44:58.603000", "db": "NVD", "id": "CVE-2020-10989" }, { "date": "2020-08-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-567" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-567" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 AC1900 cross-site scripting vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-41512" }, { "db": "CNNVD", "id": 
"CNNVD-202007-567" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-567" } ], "trust": 0.6 } }
var-202403-0814
Vulnerability from variot
A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The affected product is the AC15 firmware of Shenzhen Tenda Technology Co., Ltd. The record below lists CWE-352, and both CVSS 3.1 vectors mark user interaction as required; they differ on impact (the CNA scores 4.3 with low integrity impact, NVD scores 6.5 with high availability impact).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0814", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 
firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003035" }, { "db": "NVD", "id": "CVE-2024-2816" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2816" } ] }, "cve": "CVE-2024-2816", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "cna@vuldb.com", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, 
"obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2024-2816", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2816", "trust": 1.8, "value": "MEDIUM" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2816", "trust": 1.0, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003035" }, { "db": "NVD", "id": "CVE-2024-2816" }, { "db": "NVD", "id": "CVE-2024-2816" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd", "sources": [ { "db": "NVD", "id": "CVE-2024-2816" }, { "db": "JVNDB", "id": "JVNDB-2024-003035" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2816", "trust": 2.6 }, { "db": "VULDB", "id": "257671", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003035", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003035" }, { "db": "NVD", "id": "CVE-2024-2816" } ] }, "id": "VAR-202403-0814", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T23:06:51.537000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.0 }, { "problemtype": "Cross-site request forgery (CWE-352) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003035" }, { "db": "NVD", "id": "CVE-2024-2816" } 
] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v15.03.05.18/fromsystoolreboot.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257671" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257671" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2816" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003035" }, { "db": "NVD", "id": "CVE-2024-2816" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003035" }, { "db": "NVD", "id": "CVE-2024-2816" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003035" }, { "date": "2024-03-22T08:15:10.010000", "db": "NVD", "id": "CVE-2024-2816" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:56:00", "db": "JVNDB", "id": "JVNDB-2024-003035" }, { "date": "2024-05-17T02:38:32.100000", "db": "NVD", "id": "CVE-2024-2816" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Cross-site request forgery vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003035" } ], "trust": 0.8 } }
var-202403-0927
Vulnerability from variot
A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A stack-based buffer overflow vulnerability exists in the AC15 firmware of Shenzhen Tenda Technology Co., Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The two CVSS 3.1 vectors in the record below disagree on whether privileges are required: the CNA gives PR:L (8.8, HIGH), while NVD gives PR:N (9.8, CRITICAL).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0927", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 
firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003033" }, { "db": "NVD", "id": "CVE-2024-2850" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2850" } ] }, "cve": "CVE-2024-2850", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2850", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2850", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2850", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003033" }, { "db": "NVD", "id": "CVE-2024-2850" }, { "db": "NVD", "id": "CVE-2024-2850" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2024-2850" }, { "db": "JVNDB", "id": "JVNDB-2024-003033" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2850", "trust": 2.6 }, { "db": "VULDB", "id": "257774", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003033", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003033" }, { "db": "NVD", "id": "CVE-2024-2850" } ] }, "id": "VAR-202403-0927", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T22:50:51.964000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" 
} } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003033" }, { "db": "NVD", "id": "CVE-2024-2850" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v15.03.05.18/saveparentcontrolinfo_urls.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257774" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257774" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2850" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003033" }, { "db": "NVD", "id": "CVE-2024-2850" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003033" }, { "db": "NVD", "id": "CVE-2024-2850" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003033" }, { "date": "2024-03-24T02:15:07.517000", "db": "NVD", "id": "CVE-2024-2850" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:56:00", "db": "JVNDB", "id": "JVNDB-2024-003033" }, { "date": "2024-05-17T02:38:33.820000", "db": "NVD", "id": "CVE-2024-2850" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Stack-based buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003033" } ], "trust": 0.8 } }
var-202403-0817
Vulnerability from variot
A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi (the structured record below lists the second affected version as 15.03.05.20_multi). This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A stack-based buffer overflow vulnerability exists in the firmware of the AC15 from Shenzhen Tenda Technology Co.,Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The vulnerability is caused by the deviceId/deviceMac parameter in the addWifiMacFilter method of the /goform/addWifiMacFilter page failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. The record below carries two CVSS 3.1 scores that disagree on the privileges required: 8.8 (PR:L) from cna@vuldb.com and 9.8 (PR:N) from NVD.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0817", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.20 multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26323" }, { "db": "JVNDB", "id": "JVNDB-2024-003045" }, { "db": "NVD", "id": "CVE-2024-2806" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2806" } ] }, "cve": "CVE-2024-2806", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" 
} }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2024-26323", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", 
"confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2806", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2806", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2806", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2024-26323", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26323" }, { "db": "JVNDB", "id": "JVNDB-2024-003045" }, { "db": "NVD", "id": "CVE-2024-2806" }, { "db": "NVD", "id": "CVE-2024-2806" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the deviceId/deviceMac parameter in the addWifiMacFilter method of the /goform/addWifiMacFilter page failing to properly verify the length of the input data. 
A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack", "sources": [ { "db": "NVD", "id": "CVE-2024-2806" }, { "db": "JVNDB", "id": "JVNDB-2024-003045" }, { "db": "CNVD", "id": "CNVD-2024-26323" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2806", "trust": 3.2 }, { "db": "VULDB", "id": "257661", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003045", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2024-26323", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26323" }, { "db": "JVNDB", "id": "JVNDB-2024-003045" }, { "db": "NVD", "id": "CVE-2024-2806" } ] }, "id": "VAR-202403-0817", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-26323" } ], "trust": 0.98505748 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26323" } ] }, "last_update_date": "2024-06-07T23:05:09.584000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 addWifiMacFilter method buffer overflow vulnerability", "trust": 0.6, "url": 
"https://www.cnvd.org.cn/patchinfo/show/554606" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26323" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003045" }, { "db": "NVD", "id": "CVE-2024-2806" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/addwifimacfilter_deviceid.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257661" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2806" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257661" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26323" }, { "db": "JVNDB", "id": "JVNDB-2024-003045" }, { "db": "NVD", "id": "CVE-2024-2806" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-26323" }, { "db": "JVNDB", "id": "JVNDB-2024-003045" }, { "db": "NVD", "id": "CVE-2024-2806" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-06-06T00:00:00", "db": "CNVD", "id": "CNVD-2024-26323" }, { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003045" }, { "date": "2024-03-22T05:15:48.480000", "db": "NVD", "id": "CVE-2024-2806" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-06-06T00:00:00", "db": "CNVD", "id": "CNVD-2024-26323" }, { "date": "2024-03-28T01:31:00", "db": "JVNDB", "id": "JVNDB-2024-003045" }, { "date": "2024-05-17T02:38:30.940000", "db": "NVD", "id": "CVE-2024-2806" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Stack-based buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003045" } ], "trust": 0.8 } }
var-202209-1672
Vulnerability from variot
Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList. An out-of-bounds write vulnerability exists in the firmware of the Tenda AC15. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC15 is a wireless router made by China Tenda Company. The vulnerability arises because the formSetQosBand method does not check the size of the input data when handling the request /goform/SetNetControlList. Attackers can exploit the vulnerability to cause remote code execution or denial of service.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1672", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.19" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": 
"tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88199" }, { "db": "JVNDB", "id": "JVNDB-2022-017557" }, { "db": "NVD", "id": "CVE-2022-40860" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-40860" } ] }, "cve": "CVE-2022-40860", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", 
"exploitabilityScore": 10.0, "id": "CNVD-2022-88199", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-40860", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-40860", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-88199", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202209-2394", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88199" }, { "db": "JVNDB", "id": "JVNDB-2022-017557" }, { "db": "NVD", "id": "CVE-2022-40860" }, { "db": "CNNVD", "id": "CNNVD-202209-2394" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand-\u003eFUN_0007dd20 with request /goform/SetNetControlList. 
Tenda of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC15 is a wireless router made by China Tenda Company. The vulnerability is due to the fact that the formSetQosBand method does not check the size of the input data when it has the request /goform/SetNetControlList. Attackers can exploit the vulnerability to cause remote code execution or denial of service ", "sources": [ { "db": "NVD", "id": "CVE-2022-40860" }, { "db": "JVNDB", "id": "JVNDB-2022-017557" }, { "db": "CNVD", "id": "CNVD-2022-88199" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-40860", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2022-017557", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-88199", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202209-2394", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88199" }, { "db": "JVNDB", "id": "JVNDB-2022-017557" }, { "db": "NVD", "id": "CVE-2022-40860" }, { "db": "CNNVD", "id": "CNNVD-202209-2394" } ] }, "id": "VAR-202209-1672", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-88199" } ], "trust": 1.0924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": 
"CNVD-2022-88199" } ] }, "last_update_date": "2023-12-18T13:17:08.477000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 formSetQosBand stack overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/372586" }, { "title": "Tenda AC15 Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=208896" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88199" }, { "db": "CNNVD", "id": "CNNVD-202209-2394" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017557" }, { "db": "NVD", "id": "CVE-2022-40860" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://github.com/cpseek/router-vuls/blob/main/tenda/ac15/formsetqosband.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40860" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-40860/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88199" }, { "db": "JVNDB", "id": "JVNDB-2022-017557" }, { "db": "NVD", "id": "CVE-2022-40860" }, { "db": "CNNVD", "id": "CNNVD-202209-2394" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-88199" }, 
{ "db": "JVNDB", "id": "JVNDB-2022-017557" }, { "db": "NVD", "id": "CVE-2022-40860" }, { "db": "CNNVD", "id": "CNNVD-202209-2394" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-17T00:00:00", "db": "CNVD", "id": "CNVD-2022-88199" }, { "date": "2023-10-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-017557" }, { "date": "2022-09-23T14:15:13.217000", "db": "NVD", "id": "CVE-2022-40860" }, { "date": "2022-09-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2394" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-18T00:00:00", "db": "CNVD", "id": "CNVD-2022-88199" }, { "date": "2023-10-13T08:42:00", "db": "JVNDB", "id": "JVNDB-2022-017557" }, { "date": "2022-09-23T20:28:32.340000", "db": "NVD", "id": "CVE-2022-40860" }, { "date": "2022-09-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2394" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2394" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017557" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2394" } ], "trust": 0.6 } }
var-202005-0460
Vulnerability from variot
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Multiple Tenda devices contain a classic buffer overflow vulnerability (CWE-120): information may be obtained or tampered with, and service operation may be interrupted (DoS). The NVD scoring in this record is CVSS 3.1 9.8 (Critical), reachable over the network with no privileges or user interaction, so the web management interface of affected devices should not be reachable from untrusted networks. Tenda AC9 and the other listed models are wireless routers made by the Chinese company Tenda.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0460", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac6", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19_multi_td01" }, { "model": "ac18", "scope": "eq", "trust": 1.0, 
"vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.06.42_multi" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac6", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac9", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac6 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac9", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0v15.03.05.19(6318)" }, { "model": "ac9 v15.03.06.42 multi", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v3.0" }, { "model": "ac15 v15.03.05.19 multi td01", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v1.0" }, { "model": "ac18", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19(6318)" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31409" }, { "db": "JVNDB", "id": "JVNDB-2020-005748" }, { "db": "NVD", "id": "CVE-2020-13394" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { 
"children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-13394" } ] }, "cve": "CVE-2020-13394", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005748", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-31409", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005748", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-13394", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-005748", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-31409", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202005-1144", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31409" }, { "db": "JVNDB", "id": "JVNDB-2020-005748" }, { "db": "NVD", "id": "CVE-2020-13394" }, { "db": "CNNVD", "id": "CNNVD-202005-1144" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 
plural Tenda A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC9 and others are all wireless routers of China Tenda", "sources": [ { "db": "NVD", "id": "CVE-2020-13394" }, { "db": "JVNDB", "id": "JVNDB-2020-005748" }, { "db": "CNVD", "id": "CNVD-2020-31409" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-13394", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2020-005748", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-31409", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202005-1144", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31409" }, { "db": "JVNDB", "id": "JVNDB-2020-005748" }, { "db": "NVD", "id": "CVE-2020-13394" }, { "db": "CNNVD", "id": "CNNVD-202005-1144" } ] }, "id": "VAR-202005-0460", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-31409" } ], "trust": 1.3236694433333334 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31409" } ] }, "last_update_date": "2023-12-18T13:01:45.436000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://tendacn.com/en" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005748" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005748" }, { "db": "NVD", "id": "CVE-2020-13394" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-tenda-vulnerability/" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13394" }, { "trust": 1.6, "url": "https://joel-malwarebenchmark.github.io" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13394" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-31409" }, { "db": "JVNDB", "id": "JVNDB-2020-005748" }, { "db": "NVD", "id": "CVE-2020-13394" }, { "db": "CNNVD", "id": "CNNVD-202005-1144" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-31409" }, { "db": "JVNDB", "id": "JVNDB-2020-005748" }, { "db": "NVD", "id": "CVE-2020-13394" }, { "db": "CNNVD", "id": "CNNVD-202005-1144" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": "CNVD", "id": "CNVD-2020-31409" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005748" }, { "date": "2020-05-22T17:15:11.363000", "db": 
"NVD", "id": "CVE-2020-13394" }, { "date": "2020-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1144" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-03T00:00:00", "db": "CNVD", "id": "CNVD-2020-31409" }, { "date": "2020-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005748" }, { "date": "2020-05-27T19:26:14.757000", "db": "NVD", "id": "CVE-2020-13394" }, { "date": "2020-05-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1144" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1144" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Classic buffer overflow vulnerability in device", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005748" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-1144" } ], "trust": 0.6 } }
var-201810-0273
Vulnerability from variot
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a POST request, the value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of the function. Multiple Tenda products contain a buffer error vulnerability that may result in interruption of service operation (DoS). Tenda AC7 and the other listed models are wireless router products of Tenda. Httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products that an attacker can exploit to cause a denial of service (by overwriting the return address of a function). The sources in this record score only availability impact (CVSS 3.0 7.5, C:N/I:N/A:H) even though the description says a stack return address is overwritten, so the DoS-only rating is best read as a lower bound when prioritising. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19(6318)_CN.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0273", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac9", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac7", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.06.44_cn" }, { "model": "ac15", "scope": "eq", "trust": 1.6, "vendor": "tenda", 
"version": "15.03.05.19_cn" }, { "model": "ac10", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.06.23_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac10", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac7", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac9", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac7 v15.03.06.44 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac9 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac10 v15.03.06.23 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01888" }, { "db": "JVNDB", "id": "JVNDB-2018-011964" }, { "db": "NVD", "id": "CVE-2018-18727" }, { "db": "CNNVD", "id": "CNNVD-201810-1354" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], 
"cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18727" } ] }, "cve": "CVE-2018-18727", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18727", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-01888", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-129315", "impactScore": 6.9, 
"integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18727", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18727", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-01888", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1354", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-129315", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01888" }, { "db": "VULHUB", "id": "VHN-129315" }, { "db": "JVNDB", "id": "JVNDB-2018-011964" }, { "db": "NVD", "id": "CVE-2018-18727" }, { "db": "CNNVD", "id": "CNNVD-201810-1354" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. 
There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027deviceList\u0027 parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products that an attacker can exploit to cause a denial of service (covering the return value of a function). The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version", "sources": [ { "db": "NVD", "id": "CVE-2018-18727" }, { "db": "JVNDB", "id": "JVNDB-2018-011964" }, { "db": "CNVD", "id": "CNVD-2019-01888" }, { "db": "VULHUB", "id": "VHN-129315" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18727", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2018-011964", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1354", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-01888", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-129315", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01888" }, { "db": "VULHUB", "id": "VHN-129315" }, { "db": "JVNDB", "id": "JVNDB-2018-011964" }, { "db": "NVD", "id": "CVE-2018-18727" }, { "db": "CNNVD", "id": "CNNVD-201810-1354" } ] }, "id": "VAR-201810-0273", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-01888" }, { "db": "VULHUB", "id": "VHN-129315" } ], "trust": 1.4927520825 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01888" } ] }, "last_update_date": "2023-12-18T12:01:13.146000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011964" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-129315" }, { "db": "JVNDB", "id": "JVNDB-2018-011964" }, { "db": "NVD", "id": "CVE-2018-18727" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/zillr0/routers/blob/master/tenda/stack1.md" }, { "trust": 1.4, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18727" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18727" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01888" }, { "db": "VULHUB", "id": "VHN-129315" }, { 
"db": "JVNDB", "id": "JVNDB-2018-011964" }, { "db": "NVD", "id": "CVE-2018-18727" }, { "db": "CNNVD", "id": "CNNVD-201810-1354" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-01888" }, { "db": "VULHUB", "id": "VHN-129315" }, { "db": "JVNDB", "id": "JVNDB-2018-011964" }, { "db": "NVD", "id": "CVE-2018-18727" }, { "db": "CNNVD", "id": "CNNVD-201810-1354" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01888" }, { "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-129315" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011964" }, { "date": "2018-10-29T12:29:07.400000", "db": "NVD", "id": "CVE-2018-18727" }, { "date": "2018-10-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1354" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01888" }, { "date": "2018-12-14T00:00:00", "db": "VULHUB", "id": "VHN-129315" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011964" }, { "date": "2018-12-14T16:16:40.410000", "db": "NVD", "id": "CVE-2018-18727" }, { "date": "2018-10-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1354" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1354" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011964" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1354" } ], "trust": 0.6 } }
var-202209-1620
Vulnerability from variot
Tenda AC15 and AC18 routers V15.03.05.19 contain a stack overflow vulnerability in the function fromNatStaticSetting, reached through the request /goform/NatStaticSetting. An out-of-bounds write vulnerability exists in Tenda AC15 firmware and AC18 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Both the Tenda AC15 and Tenda AC18 are products of the Chinese company Tenda. Tenda AC15 is a wireless router. Tenda AC18 is a router. The vulnerability stems from the fact that the fromNatStaticSetting method does not check the size of the input data when handling the request /goform/NatStaticSetting. Attackers can exploit the vulnerability to cause remote code execution or denial of service. The record below carries an NVD CVSS 3.1 base score of 9.8 (CRITICAL), with a network attack vector and no privileges or user interaction required.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1620", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac18", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac18", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88195" }, { "db": "JVNDB", "id": "JVNDB-2022-017556" }, { "db": "NVD", "id": "CVE-2022-40862" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-40862" } ] }, "cve": "CVE-2022-40862", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2022-88195", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-40862", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-40862", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-88195", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202209-2393", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88195" }, { "db": "JVNDB", "id": "JVNDB-2022-017556" }, { "db": "NVD", "id": "CVE-2022-40862" }, { "db": 
"CNNVD", "id": "CNNVD-202209-2393" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting. Tenda of AC15 firmware and AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both the Tenda AC15 and Tenda AC18 are products of the Chinese company Tenda. Tenda AC15 is a wireless router. Tenda AC18 is a router. The vulnerability stems from the fact that the fromNatStaticSetting method does not check the size of the input data when it has the request /goform/NatStaticSetting. Attackers can exploit the vulnerability to cause remote code execution or rejection Serve", "sources": [ { "db": "NVD", "id": "CVE-2022-40862" }, { "db": "JVNDB", "id": "JVNDB-2022-017556" }, { "db": "CNVD", "id": "CNVD-2022-88195" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-40862", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2022-017556", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-88195", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202209-2393", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88195" }, { "db": "JVNDB", "id": "JVNDB-2022-017556" }, { "db": "NVD", "id": "CVE-2022-40862" }, { "db": "CNNVD", "id": "CNNVD-202209-2393" } ] }, "id": "VAR-202209-1620", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-88195" } ], "trust": 1.0468541999999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88195" } ] }, "last_update_date": "2023-12-18T13:46:26.398000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 and AC18 fromNatStaticSetting stack overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/372491" }, { "title": "Tenda AC15 Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=208895" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88195" }, { "db": "CNNVD", "id": "CNNVD-202209-2393" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017556" }, { "db": "NVD", "id": "CVE-2022-40862" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": 
"https://github.com/cpseek/router-vuls/blob/main/tenda/ac18/fromnatstaticsetting.md" }, { "trust": 2.4, "url": "https://github.com/cpseek/router-vuls/blob/main/tenda/ac15/fromnatstaticsetting.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40862" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-40862/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88195" }, { "db": "JVNDB", "id": "JVNDB-2022-017556" }, { "db": "NVD", "id": "CVE-2022-40862" }, { "db": "CNNVD", "id": "CNNVD-202209-2393" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-88195" }, { "db": "JVNDB", "id": "JVNDB-2022-017556" }, { "db": "NVD", "id": "CVE-2022-40862" }, { "db": "CNNVD", "id": "CNNVD-202209-2393" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-88195" }, { "date": "2023-10-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-017556" }, { "date": "2022-09-23T14:15:13.260000", "db": "NVD", "id": "CVE-2022-40862" }, { "date": "2022-09-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2393" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-18T00:00:00", "db": "CNVD", "id": "CNVD-2022-88195" }, { "date": "2023-10-13T08:42:00", "db": "JVNDB", "id": "JVNDB-2022-017556" }, { "date": "2022-09-23T20:27:58.547000", "db": "NVD", "id": "CVE-2022-40862" }, { "date": "2022-09-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2393" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { 
"db": "CNNVD", "id": "CNNVD-202209-2393" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda\u00a0 of \u00a0AC15\u00a0 firmware and \u00a0AC18\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017556" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2393" } ], "trust": 0.6 } }
var-202209-1834
Vulnerability from variot
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list"). An out-of-bounds write vulnerability exists in Tenda AC15 firmware and AC18 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Both the Tenda AC15 and Tenda AC18 are products of the Chinese company Tenda. Tenda AC15 is a wireless router. Tenda AC18 is a router. The vulnerability is caused by the fact that the fromDhcpListClient method does not check the size of the input data supplied in the combined parameter list*. Attackers can exploit the vulnerability to cause remote code execution or denial of service. The record below carries an NVD CVSS 3.1 base score of 9.8 (CRITICAL), with a network attack vector and no privileges or user interaction required.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1834", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac18", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac18", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88194" }, { "db": "JVNDB", "id": "JVNDB-2022-017553" }, { "db": "NVD", "id": "CVE-2022-40869" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-40869" } ] }, "cve": "CVE-2022-40869", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2022-88194", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-40869", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-40869", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-88194", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202209-2390", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88194" }, { "db": "JVNDB", "id": "JVNDB-2022-017553" }, { "db": "NVD", "id": "CVE-2022-40869" }, { "db": 
"CNNVD", "id": "CNNVD-202209-2390" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter \"list*\" (\"%s%d\",\"list\"). Tenda of AC15 firmware and AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both the Tenda AC15 and Tenda AC18 are products of the Chinese company Tenda. Tenda AC15 is a wireless router. Tenda AC18 is a router. The vulnerability is caused by the fact that the fromDhcpListClient method does not check the size of the input data with the combination parameter list*. Attackers can exploit the vulnerability to cause remote code execution or denial of service", "sources": [ { "db": "NVD", "id": "CVE-2022-40869" }, { "db": "JVNDB", "id": "JVNDB-2022-017553" }, { "db": "CNVD", "id": "CNVD-2022-88194" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-40869", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2022-017553", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-88194", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202209-2390", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88194" }, { "db": "JVNDB", "id": "JVNDB-2022-017553" }, { "db": "NVD", "id": "CVE-2022-40869" }, { "db": "CNNVD", "id": "CNNVD-202209-2390" } ] }, "id": "VAR-202209-1834", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-88194" } ], "trust": 1.0468541999999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88194" } ] }, "last_update_date": "2023-12-18T13:06:29.882000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 and AC18 fromDhcpListClient stack overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/372396" }, { "title": "Tenda AC15 and Tenda AC18 Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=208893" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88194" }, { "db": "CNNVD", "id": "CNNVD-202209-2390" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017553" }, { "db": "NVD", "id": "CVE-2022-40869" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": 
"https://github.com/cpseek/router-vuls/blob/main/tenda/ac18/fromdhcplistclient-list.md" }, { "trust": 2.4, "url": "https://github.com/cpseek/router-vuls/blob/main/tenda/ac15/fromdhcplistclient-list.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40869" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-40869/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-88194" }, { "db": "JVNDB", "id": "JVNDB-2022-017553" }, { "db": "NVD", "id": "CVE-2022-40869" }, { "db": "CNNVD", "id": "CNNVD-202209-2390" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-88194" }, { "db": "JVNDB", "id": "JVNDB-2022-017553" }, { "db": "NVD", "id": "CVE-2022-40869" }, { "db": "CNNVD", "id": "CNNVD-202209-2390" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-17T00:00:00", "db": "CNVD", "id": "CNVD-2022-88194" }, { "date": "2023-10-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-017553" }, { "date": "2022-09-23T14:15:13.393000", "db": "NVD", "id": "CVE-2022-40869" }, { "date": "2022-09-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2390" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-18T00:00:00", "db": "CNVD", "id": "CNVD-2022-88194" }, { "date": "2023-10-13T08:42:00", "db": "JVNDB", "id": "JVNDB-2022-017553" }, { "date": "2022-09-23T20:17:05.990000", "db": "NVD", "id": "CVE-2022-40869" }, { "date": "2022-09-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-2390" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": 
[ { "db": "CNNVD", "id": "CNNVD-202209-2390" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda\u00a0 of \u00a0AC15\u00a0 firmware and \u00a0AC18\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017553" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-2390" } ], "trust": 0.6 } }
var-202209-1000
Vulnerability from variot
Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. Tenda AC15 firmware and AC18 firmware have a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The record below carries an NVD CVSS 3.1 base score of 9.8 (CRITICAL), with a network attack vector and no privileges or user interaction required.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1000", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac18", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19_multi" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19_multi" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": 
"tenda", "version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017011" }, { "db": "NVD", "id": "CVE-2022-38326" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.19_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:15.03.05.19_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-38326" } ] }, "cve": "CVE-2022-38326", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-38326", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-38326", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202209-1158", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017011" }, { "db": "NVD", "id": "CVE-2022-38326" }, { "db": "CNNVD", "id": "CNNVD-202209-1158" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. Tenda of AC15 firmware and AC18 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-38326" }, { "db": "JVNDB", "id": "JVNDB-2022-017011" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-38326", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2022-017011", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202209-1158", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017011" }, { "db": "NVD", "id": "CVE-2022-38326" }, { "db": "CNNVD", "id": "CNNVD-202209-1158" } ] }, "id": "VAR-202209-1000", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4468542 }, "last_update_date": "2023-12-18T12:54:48.983000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Tenda AC15 Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=208307" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-1158" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.0 }, { "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017011" }, { "db": "NVD", "id": "CVE-2022-38326" } ] }, "references": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://github.com/1160300418/vuls/blob/main/tenda/ac/vul_natstaticsetting.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38326" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-38326/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017011" }, { "db": "NVD", "id": "CVE-2022-38326" }, { "db": "CNNVD", "id": "CNNVD-202209-1158" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-017011" }, { "db": "NVD", "id": "CVE-2022-38326" }, { "db": "CNNVD", "id": "CNNVD-202209-1158" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-10-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-017011" }, { "date": "2022-09-15T20:15:09.583000", "db": "NVD", "id": "CVE-2022-38326" }, { "date": "2022-09-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-1158" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-10-10T08:20:00", "db": "JVNDB", "id": "JVNDB-2022-017011" }, { "date": "2022-09-19T17:58:15.140000", "db": "NVD", "id": "CVE-2022-38326" }, { "date": "2022-09-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-1158" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-1158" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda\u00a0 of \u00a0AC15\u00a0 firmware and \u00a0AC18\u00a0 Classic buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-017011" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-1158" } ], "trust": 0.6 } }
var-202403-0883
Vulnerability from variot
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A stack-based buffer overflow vulnerability exists in the AC15 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This firmware has multiple functions and features, providing powerful network management and security protection functions.
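Tenda AC15 firmware has a stack buffer overflow vulnerability. An attacker can exploit this vulnerability to take control of the system. The record below carries two CVSS v3.1 assessments that differ on the privileges required: 8.8 HIGH (PR:L) from the CNA and 9.8 CRITICAL (PR:N) from NVD, so check which one matches your deployment before prioritising.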
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0883", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 
firmware 15.03.20 multi" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15 15.03.20 multi", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-20299" }, { "db": "JVNDB", "id": "JVNDB-2024-003031" }, { "db": "NVD", "id": "CVE-2024-2852" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2852" } ] }, "cve": "CVE-2024-2852", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, 
"confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CNVD-2024-20299", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2852", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", 
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2852", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2852", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2024-20299", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-20299" }, { "db": "JVNDB", "id": "JVNDB-2024-003031" }, { "db": "NVD", "id": "CVE-2024-2852" }, { "db": "NVD", "id": "CVE-2024-2852" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This firmware has multiple functions and features, providing powerful network management and security protection functions. \n\nTenda AC15 firmware has a stack buffer overflow vulnerability. 
An attacker can exploit this vulnerability to cause the system to be controlled by the attacker", "sources": [ { "db": "NVD", "id": "CVE-2024-2852" }, { "db": "JVNDB", "id": "JVNDB-2024-003031" }, { "db": "CNVD", "id": "CNVD-2024-20299" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2852", "trust": 3.2 }, { "db": "VULDB", "id": "257776", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2024-003031", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2024-20299", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-20299" }, { "db": "JVNDB", "id": "JVNDB-2024-003031" }, { "db": "NVD", "id": "CVE-2024-2852" } ] }, "id": "VAR-202403-0883", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-20299" } ], "trust": 0.98505748 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-20299" } ] }, "last_update_date": "2024-05-17T23:09:15.101000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 firmware stack buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/541141" } ], "sources": [ { "db": "CNVD", 
"id": "CNVD-2024-20299" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003031" }, { "db": "NVD", "id": "CVE-2024-2852" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://vuldb.com/?id.257776" }, { "trust": 2.4, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/saveparentcontrolinfo_urls.md" }, { "trust": 1.6, "url": "https://vuldb.com/?ctiid.257776" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2852" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-20299" }, { "db": "JVNDB", "id": "JVNDB-2024-003031" }, { "db": "NVD", "id": "CVE-2024-2852" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-20299" }, { "db": "JVNDB", "id": "JVNDB-2024-003031" }, { "db": "NVD", "id": "CVE-2024-2852" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-04-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-20299" }, { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003031" }, { "date": "2024-03-24T05:15:09.160000", "db": "NVD", "id": "CVE-2024-2852" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { 
"date": "2024-04-25T00:00:00", "db": "CNVD", "id": "CNVD-2024-20299" }, { "date": "2024-03-28T00:56:00", "db": "JVNDB", "id": "JVNDB-2024-003031" }, { "date": "2024-05-17T02:38:34.220000", "db": "NVD", "id": "CVE-2024-2852" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Stack-based buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003031" } ], "trust": 0.8 } }
var-201810-0245
Vulnerability from variot
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server, httpd. When processing the "page" parameter of the function "fromAddressNat" for a POST request, the value is used directly in a sprintf to a local variable placed on the stack, which overwrites the return address of the function. Multiple Tenda products contain a buffer error vulnerability. Service operation may be interrupted (DoS). Tenda AC7 and the others are wireless router products of Tenda. httpd is one of the HTTP server components. An attacker could exploit the vulnerability to cause a denial of service (by overwriting the function's return address). The root cause is request data formatted into a fixed-size stack buffer without a length check; bounded formatting (for example snprintf) together with input length validation is the usual remedy. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19(6318)_CN.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0245", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac10", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.06.23_cn" }, { "model": "ac15", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.05.19_cn" }, { "model": "ac7", "scope": "eq", "trust": 2.4, "vendor": "tenda", 
"version": "15.03.06.44_cn" }, { "model": "ac9", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac7 v15.03.06.44 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac9 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac10 v15.03.06.23 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-22313" }, { "db": "JVNDB", "id": "JVNDB-2018-011967" }, { "db": "NVD", "id": "CVE-2018-18708" }, { "db": "CNNVD", "id": "CNNVD-201810-1339" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], 
"operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18708" } ] }, "cve": "CVE-2018-18708", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18708", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-22313", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-129294", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18708", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18708", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-22313", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1339", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-129294", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-18708", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-22313" }, { "db": "VULHUB", "id": "VHN-129294" }, { "db": "VULMON", "id": "CVE-2018-18708" }, { "db": "JVNDB", "id": "JVNDB-2018-011967" }, { "db": "NVD", "id": "CVE-2018-18708" }, { "db": "CNNVD", "id": "CNNVD-201810-1339" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. 
When processing the \"page\" parameter of the function \"fromAddressNat\" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. An attacker could exploit the vulnerability to cause a denial of service (the return address of the override function). The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version", "sources": [ { "db": "NVD", "id": "CVE-2018-18708" }, { "db": "JVNDB", "id": "JVNDB-2018-011967" }, { "db": "CNVD", "id": "CNVD-2018-22313" }, { "db": "VULHUB", "id": "VHN-129294" }, { "db": "VULMON", "id": "CVE-2018-18708" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18708", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2018-011967", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1339", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2018-22313", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-129294", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-18708", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-22313" }, { "db": "VULHUB", "id": "VHN-129294" }, { "db": "VULMON", "id": "CVE-2018-18708" }, { "db": "JVNDB", "id": "JVNDB-2018-011967" }, { "db": "NVD", "id": "CVE-2018-18708" }, { "db": "CNNVD", "id": "CNNVD-201810-1339" } ] }, "id": "VAR-201810-0245", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-22313" }, { "db": "VULHUB", "id": "VHN-129294" } ], "trust": 1.4927520825 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-22313" } ] }, "last_update_date": "2023-12-18T13:18:58.319000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" }, { "title": "", "trust": 0.1, "url": "https://github.com/saber0x0/iot_sec_learn " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-18708" }, { "db": "JVNDB", "id": "JVNDB-2018-011967" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-129294" }, { "db": "JVNDB", "id": "JVNDB-2018-011967" }, { "db": "NVD", "id": "CVE-2018-18708" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-05/tenda.md" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18708" }, { 
"trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18708" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://github.com/saber0x0/iot_sec_learn" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-22313" }, { "db": "VULHUB", "id": "VHN-129294" }, { "db": "VULMON", "id": "CVE-2018-18708" }, { "db": "JVNDB", "id": "JVNDB-2018-011967" }, { "db": "NVD", "id": "CVE-2018-18708" }, { "db": "CNNVD", "id": "CNNVD-201810-1339" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2018-22313" }, { "db": "VULHUB", "id": "VHN-129294" }, { "db": "VULMON", "id": "CVE-2018-18708" }, { "db": "JVNDB", "id": "JVNDB-2018-011967" }, { "db": "NVD", "id": "CVE-2018-18708" }, { "db": "CNNVD", "id": "CNNVD-201810-1339" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-01T00:00:00", "db": "CNVD", "id": "CNVD-2018-22313" }, { "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-129294" }, { "date": "2018-10-29T00:00:00", "db": "VULMON", "id": "CVE-2018-18708" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011967" }, { "date": "2018-10-29T12:29:05.617000", "db": "NVD", "id": "CVE-2018-18708" }, { "date": "2018-10-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1339" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-01T00:00:00", "db": "CNVD", "id": "CNVD-2018-22313" }, { "date": "2018-12-14T00:00:00", "db": "VULHUB", "id": "VHN-129294" }, { "date": "2018-12-14T00:00:00", "db": "VULMON", "id": "CVE-2018-18708" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011967" }, { 
"date": "2018-12-14T16:25:50.750000", "db": "NVD", "id": "CVE-2018-18708" }, { "date": "2018-10-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1339" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1339" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011967" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1339" } ], "trust": 0.6 } }
var-202007-0063
Vulnerability from variot
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page. Tenda AC15 AC1900 contains a cross-site request forgery vulnerability that may lead to service interruption (DoS). The CVSS v3.1 vector in the record below (UI:R, A:H) reflects this: a user has to load the attacker's page, and the impact is limited to availability. Tenda AC15 AC1900 is a wireless router made by the Chinese company Tenda.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0063", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.8, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15 ac1900", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "15.03.05.19" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41510" }, { "db": 
"JVNDB", "id": "JVNDB-2020-007725" }, { "db": "NVD", "id": "CVE-2020-10986" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10986" } ] }, "cve": "CVE-2020-10986", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": 
"AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-007725", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CNVD-2020-41510", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-007725", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10986", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", 
"id": "JVNDB-2020-007725", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-41510", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-563", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41510" }, { "db": "JVNDB", "id": "JVNDB-2020-007725" }, { "db": "NVD", "id": "CVE-2020-10986" }, { "db": "CNNVD", "id": "CNNVD-202007-563" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page. Tenda AC15 AC1900 Exists in a cross-site request forgery vulnerability.Service operation interruption (DoS) It may be put into a state. Tenda AC15 AC1900 is a wireless router of China Tenda (Tenda) company", "sources": [ { "db": "NVD", "id": "CVE-2020-10986" }, { "db": "JVNDB", "id": "JVNDB-2020-007725" }, { "db": "CNVD", "id": "CNVD-2020-41510" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10986", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2020-007725", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-41510", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48200", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-563", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41510" }, { "db": "JVNDB", "id": "JVNDB-2020-007725" }, { "db": "NVD", "id": "CVE-2020-10986" }, { "db": "CNNVD", "id": "CNNVD-202007-563" } ] }, "id": "VAR-202007-0063", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-41510" } ], "trust": 1.3462292 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41510" } ] }, "last_update_date": "2023-12-18T12:56:00.483000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.tenda.cz/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007725" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007725" }, { "db": "NVD", "id": "CVE-2020-10986" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10986" }, { "trust": 1.6, "url": "https://www.ise.io/research/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10986" }, { "trust": 0.6, 
"url": "http://www.nsfocus.net/vulndb/48200" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41510" }, { "db": "JVNDB", "id": "JVNDB-2020-007725" }, { "db": "NVD", "id": "CVE-2020-10986" }, { "db": "CNNVD", "id": "CNNVD-202007-563" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-41510" }, { "db": "JVNDB", "id": "JVNDB-2020-007725" }, { "db": "NVD", "id": "CVE-2020-10986" }, { "db": "CNNVD", "id": "CNNVD-202007-563" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-22T00:00:00", "db": "CNVD", "id": "CNVD-2020-41510" }, { "date": "2020-08-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007725" }, { "date": "2020-07-13T18:15:11.170000", "db": "NVD", "id": "CVE-2020-10986" }, { "date": "2020-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-563" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-22T00:00:00", "db": "CNVD", "id": "CNVD-2020-41510" }, { "date": "2020-08-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007725" }, { "date": "2020-07-15T19:16:55.230000", "db": "NVD", "id": "CVE-2020-10986" }, { "date": "2020-08-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-563" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-563" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 AC1900 cross-site request forgery 
vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-41510" }, { "db": "CNNVD", "id": "CNNVD-202007-563" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-563" } ], "trust": 0.6 } }
var-202403-0815
Vulnerability from variot
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The AC15 firmware contains unspecified vulnerabilities; information may be obtained or tampered with, and service operation may be interrupted (DoS). When matching this entry against an inventory, note that the description gives the version as 15.03.20_multi while the record's affected-product and CPE fields list 15.03.05.20_multi. The record also carries two CVSS v3.1 scores, 8.8 (PR:L, from cna@vuldb.com) and 9.8 (PR:N, from NVD), which differ on whether authentication is required.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0815", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 
firmware 15.03.05.20 multi" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003037" }, { "db": "NVD", "id": "CVE-2024-2814" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2814" } ] }, "cve": "CVE-2024-2814", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2814", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2814", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2814", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003037" }, { "db": "NVD", "id": "CVE-2024-2814" }, { "db": "NVD", "id": "CVE-2024-2814" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of AC15 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2024-2814" }, { "db": "JVNDB", "id": "JVNDB-2024-003037" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2814", "trust": 2.6 }, { "db": "VULDB", "id": "257669", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003037", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003037" }, { "db": "NVD", "id": "CVE-2024-2814" } ] }, "id": "VAR-202403-0815", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T23:09:38.108000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", 
"trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003037" }, { "db": "NVD", "id": "CVE-2024-2814" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/fromdhcplistclient_page.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257669" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257669" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2814" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003037" }, { "db": "NVD", "id": "CVE-2024-2814" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003037" }, { "db": "NVD", "id": "CVE-2024-2814" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003037" }, { "date": "2024-03-22T07:15:47.447000", "db": "NVD", "id": "CVE-2024-2814" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T01:20:00", "db": "JVNDB", "id": "JVNDB-2024-003037" }, { "date": "2024-05-17T02:38:31.880000", "db": "NVD", "id": "CVE-2024-2814" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Firmware vulnerabilities", 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003037" } ], "trust": 0.8 } }
var-202205-0063
Vulnerability from variot
There is a command injection vulnerability in the /goform/setsambacfg interface of the device web service in Tenda AC15 firmware US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin. It can also be combined with CVE-2021-44971 (an authentication bypass) to cause unconditional arbitrary command execution, i.e. without valid credentials. The AC15 firmware from Shenzhen Tenda Technology Co.,Ltd. contains a command injection vulnerability; information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0063", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi_tde01" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": 
null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.20 multi tde01" }, { "model": "ac15 15.03.05.20 multi tde01", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38164" }, { "db": "JVNDB", "id": "JVNDB-2022-009239" }, { "db": "NVD", "id": "CVE-2022-28557" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi_tde01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-28557" } ] }, "cve": "CVE-2022-28557", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", 
"baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2022-28557", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2022-38164", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-28557", "impactScore": null, 
"integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-28557", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-38164", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202205-2139", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2022-28557", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38164" }, { "db": "VULMON", "id": "CVE-2022-28557" }, { "db": "JVNDB", "id": "JVNDB-2022-009239" }, { "db": "NVD", "id": "CVE-2022-28557" }, { "db": "CNNVD", "id": "CNNVD-202205-2139" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution. Shenzhen Tenda Technology Co.,Ltd. of AC15 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-28557" }, { "db": "JVNDB", "id": "JVNDB-2022-009239" }, { "db": "CNVD", "id": "CNVD-2022-38164" }, { "db": "VULMON", "id": "CVE-2022-28557" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-28557", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2022-009239", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-38164", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202205-2139", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-28557", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38164" }, { "db": "VULMON", "id": "CVE-2022-28557" }, { "db": "JVNDB", "id": "JVNDB-2022-009239" }, { "db": "NVD", "id": "CVE-2022-28557" }, { "db": "CNNVD", "id": "CNNVD-202205-2139" } ] }, "id": "VAR-202205-0063", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-38164" } ], "trust": 1.3462292 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38164" } ] }, "last_update_date": "2023-12-18T13:36:59.277000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 Command 
Injection Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/333216" }, { "title": "Tenda AC15 Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=192828" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38164" }, { "db": "CNNVD", "id": "CNNVD-202205-2139" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.0 }, { "problemtype": "Command injection (CWE-77) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-009239" }, { "db": "NVD", "id": "CVE-2022-28557" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/doudoudedi/tendaac15_vul/blob/main/tendaac15-vul.md" }, { "trust": 1.2, "url": "https://cxsecurity.com/cveshow/cve-2022-28557/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28557" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/77.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38164" }, { "db": "VULMON", "id": "CVE-2022-28557" }, { "db": "JVNDB", "id": "JVNDB-2022-009239" }, { "db": "NVD", "id": "CVE-2022-28557" }, { "db": "CNNVD", "id": "CNNVD-202205-2139" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-38164" }, { "db": "VULMON", "id": "CVE-2022-28557" }, { "db": "JVNDB", "id": "JVNDB-2022-009239" }, { "db": "NVD", "id": "CVE-2022-28557" }, { "db": "CNNVD", "id": "CNNVD-202205-2139" } ] }, 
"sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-20T00:00:00", "db": "CNVD", "id": "CNVD-2022-38164" }, { "date": "2022-05-04T00:00:00", "db": "VULMON", "id": "CVE-2022-28557" }, { "date": "2023-08-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-009239" }, { "date": "2022-05-04T16:15:08.697000", "db": "NVD", "id": "CVE-2022-28557" }, { "date": "2022-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-2139" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-19T00:00:00", "db": "CNVD", "id": "CNVD-2022-38164" }, { "date": "2022-05-13T00:00:00", "db": "VULMON", "id": "CVE-2022-28557" }, { "date": "2023-08-03T08:30:00", "db": "JVNDB", "id": "JVNDB-2022-009239" }, { "date": "2023-08-08T14:21:49.707000", "db": "NVD", "id": "CVE-2022-28557" }, { "date": "2022-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-2139" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-2139" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 Command Injection Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-38164" }, { "db": "CNNVD", "id": "CNNVD-202205-2139" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-2139" } ], "trust": 0.6 } }
var-202403-0918
Vulnerability from variot
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co., Ltd. AC15. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0918", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": 
"15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.20 multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003028" }, { "db": "NVD", "id": "CVE-2024-2855" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2855" } ] }, "cve": "CVE-2024-2855", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2855", "impactScore": null, "integrityImpact": "High", 
"privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2855", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2855", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003028" }, { "db": "NVD", "id": "CVE-2024-2855" }, { "db": "NVD", "id": "CVE-2024-2855" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2024-2855" }, { "db": "JVNDB", "id": "JVNDB-2024-003028" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2855", "trust": 2.6 }, { "db": "VULDB", "id": "257779", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003028", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003028" }, { "db": "NVD", "id": "CVE-2024-2855" } ] }, "id": "VAR-202403-0918", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T22:45:50.944000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003028" }, { "db": "NVD", "id": "CVE-2024-2855" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/fromsetsystime.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257779" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257779" }, { "trust": 0.8, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2024-2855" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003028" }, { "db": "NVD", "id": "CVE-2024-2855" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003028" }, { "db": "NVD", "id": "CVE-2024-2855" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003028" }, { "date": "2024-03-24T06:15:11.860000", "db": "NVD", "id": "CVE-2024-2855" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:47:00", "db": "JVNDB", "id": "JVNDB-2024-003028" }, { "date": "2024-05-17T02:38:34.570000", "db": "NVD", "id": "CVE-2024-2855" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Stack-based buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003028" } ], "trust": 0.8 } }
var-202211-1364
Vulnerability from variot
Tenda AC15 V15.03.05.18 is vulnerable to a buffer overflow via the function formSetVirtualSer. An out-of-bounds write vulnerability exists in the firmware of the Shenzhen Tenda Technology Co., Ltd. AC15. Service operation may be interrupted (DoS). The vulnerability arises because the formSetVirtualSer function does not check the length of its input data. Attackers can use the vulnerability to launch a denial-of-service attack.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202211-1364", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tenda", "version": "v15.03.05.18" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87024" }, { "db": "JVNDB", "id": "JVNDB-2022-022532" }, { "db": "NVD", "id": "CVE-2022-44169" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-44169" } ] }, "cve": "CVE-2022-44169", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 
10.0, "id": "CNVD-2022-87024", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-44169", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-44169", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-87024", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202211-3222", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87024" }, { "db": "JVNDB", "id": "JVNDB-2022-022532" }, { "db": "NVD", "id": "CVE-2022-44169" }, { "db": "CNNVD", "id": "CNNVD-202211-3222" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. Shenzhen Tenda Technology Co.,Ltd. of AC15 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. 
The vulnerability comes from the fact that its formSetVirtualSer function does not check the length of the input data. Attackers can use the vulnerability to launch a denial of service attack", "sources": [ { "db": "NVD", "id": "CVE-2022-44169" }, { "db": "JVNDB", "id": "JVNDB-2022-022532" }, { "db": "CNVD", "id": "CNVD-2022-87024" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-44169", "trust": 3.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022532", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-87024", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202211-3222", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87024" }, { "db": "JVNDB", "id": "JVNDB-2022-022532" }, { "db": "NVD", "id": "CVE-2022-44169" }, { "db": "CNNVD", "id": "CNNVD-202211-3222" } ] }, "id": "VAR-202211-1364", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-87024" } ], "trust": 1.0924584 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87024" } ] }, "last_update_date": "2023-12-18T13:00:28.992000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 
}, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022532" }, { "db": "NVD", "id": "CVE-2022-44169" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://github.com/robinwang825/iot_vuln/tree/main/tenda/ac15/formsetvirtualser" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-44169" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-44169/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87024" }, { "db": "JVNDB", "id": "JVNDB-2022-022532" }, { "db": "NVD", "id": "CVE-2022-44169" }, { "db": "CNNVD", "id": "CNNVD-202211-3222" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-87024" }, { "db": "JVNDB", "id": "JVNDB-2022-022532" }, { "db": "NVD", "id": "CVE-2022-44169" }, { "db": "CNNVD", "id": "CNNVD-202211-3222" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-11-21T00:00:00", "db": "CNVD", "id": "CNVD-2022-87024" }, { "date": "2023-11-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022532" }, { "date": "2022-11-21T15:15:11.150000", "db": "NVD", "id": "CVE-2022-44169" }, { "date": "2022-11-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-3222" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-12T00:00:00", "db": "CNVD", "id": "CNVD-2022-87024" }, { "date": "2023-11-17T08:20:00", "db": "JVNDB", "id": "JVNDB-2022-022532" }, { "date": "2022-11-21T20:30:36.143000", "db": 
"NVD", "id": "CVE-2022-44169" }, { "date": "2022-11-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202211-3222" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-3222" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022532" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202211-3222" } ], "trust": 0.6 } }
var-202403-0865
Vulnerability from variot
A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co., Ltd. AC15. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). [Note: the affected-product and CPE entries in this record list 15.03.05.20_multi where this description says 15.03.20_multi; check both strings when matching firmware versions.]
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0865", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.20 multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.18" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003041" }, { "db": "NVD", "id": "CVE-2024-2810" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2810" } ] }, "cve": "CVE-2024-2810", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2810", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2810", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": 
"CVE-2024-2810", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003041" }, { "db": "NVD", "id": "CVE-2024-2810" }, { "db": "NVD", "id": "CVE-2024-2810" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2024-2810" }, { "db": "JVNDB", "id": "JVNDB-2024-003041" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2810", "trust": 2.6 }, { "db": "VULDB", "id": "257665", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003041", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003041" }, { "db": "NVD", "id": "CVE-2024-2810" } ] }, "id": "VAR-202403-0865", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38505748 }, "last_update_date": "2024-05-17T23:12:03.521000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003041" }, { "db": "NVD", "id": "CVE-2024-2810" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/formwifiwpsoob.md" }, { "trust": 1.8, "url": "https://vuldb.com/?id.257665" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257665" }, { "trust": 0.8, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2024-2810" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003041" }, { "db": "NVD", "id": "CVE-2024-2810" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2024-003041" }, { "db": "NVD", "id": "CVE-2024-2810" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003041" }, { "date": "2024-03-22T06:15:10.800000", "db": "NVD", "id": "CVE-2024-2810" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-03-28T01:30:00", "db": "JVNDB", "id": "JVNDB-2024-003041" }, { "date": "2024-05-17T02:38:31.447000", "db": "NVD", "id": "CVE-2024-2810" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Stack-based buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003041" } ], "trust": 0.8 } }
var-201810-0243
Vulnerability from variot
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of the function. Multiple Tenda products contain a buffer error vulnerability. Service operation may be interrupted (DoS). The AC series is a router product line from Tenda. httpd is one of its HTTP server components. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19(6318)_CN.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0243", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac10", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.06.23_cn" }, { "model": "ac15", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.05.19_cn" }, { "model": "ac7", "scope": "eq", "trust": 2.4, "vendor": "tenda", 
"version": "15.03.06.44_cn" }, { "model": "ac9", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac7 v15.03.06.44 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac9 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac10 v15.03.06.23 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09140" }, { "db": "JVNDB", "id": "JVNDB-2018-011965" }, { "db": "NVD", "id": "CVE-2018-18706" }, { "db": "CNNVD", "id": "CNNVD-201810-1337" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], 
"operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18706" } ] }, "cve": "CVE-2018-18706", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18706", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-09140", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-129292", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": 
"NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18706", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18706", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-09140", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1337", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-129292", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09140" }, { "db": "VULHUB", "id": "VHN-129292" }, { "db": "JVNDB", "id": "JVNDB-2018-011965" }, { "db": "NVD", "id": "CVE-2018-18706" }, { "db": "CNNVD", "id": "CNNVD-201810-1337" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. 
When processing the \"page\" parameter of the function \"fromDhcpListClient\" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The AC series is a router product from Tenda. httpd is one of the HTTP server components. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version", "sources": [ { "db": "NVD", "id": "CVE-2018-18706" }, { "db": "JVNDB", "id": "JVNDB-2018-011965" }, { "db": "CNVD", "id": "CNVD-2019-09140" }, { "db": "VULHUB", "id": "VHN-129292" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18706", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2018-011965", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1337", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-09140", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-129292", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09140" }, { "db": "VULHUB", "id": "VHN-129292" }, { "db": "JVNDB", "id": "JVNDB-2018-011965" }, { "db": "NVD", "id": "CVE-2018-18706" }, { "db": "CNNVD", "id": "CNNVD-201810-1337" } ] }, "id": "VAR-201810-0243", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-09140" }, { "db": "VULHUB", "id": "VHN-129292" } ], "trust": 1.4927520825 }, "iot_taxonomy": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09140" } ] }, "last_update_date": "2023-12-18T12:50:34.032000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011965" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-129292" }, { "db": "JVNDB", "id": "JVNDB-2018-011965" }, { "db": "NVD", "id": "CVE-2018-18706" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-06/tenda.md" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18706" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18706" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09140" }, { "db": "VULHUB", "id": "VHN-129292" }, { "db": "JVNDB", "id": "JVNDB-2018-011965" }, { "db": "NVD", "id": "CVE-2018-18706" }, { "db": "CNNVD", "id": "CNNVD-201810-1337" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": 
"@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-09140" }, { "db": "VULHUB", "id": "VHN-129292" }, { "db": "JVNDB", "id": "JVNDB-2018-011965" }, { "db": "NVD", "id": "CVE-2018-18706" }, { "db": "CNNVD", "id": "CNNVD-201810-1337" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-04T00:00:00", "db": "CNVD", "id": "CNVD-2019-09140" }, { "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-129292" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011965" }, { "date": "2018-10-29T12:29:05.400000", "db": "NVD", "id": "CVE-2018-18706" }, { "date": "2018-10-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1337" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-04T00:00:00", "db": "CNVD", "id": "CNVD-2019-09140" }, { "date": "2018-12-14T00:00:00", "db": "VULHUB", "id": "VHN-129292" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011965" }, { "date": "2018-12-14T16:27:48.937000", "db": "NVD", "id": "CVE-2018-18706" }, { "date": "2018-10-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1337" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1337" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011965" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1337" } ], "trust": 0.6 } }
var-201810-0246
Vulnerability from variot
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of the function. Multiple Tenda products contain a buffer error vulnerability. Service operation may be interrupted (DoS). The AC series is a router product line from Tenda. httpd is one of its HTTP server components. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19(6318)_CN.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0246", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac10", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.06.23_cn" }, { "model": "ac15", "scope": "eq", "trust": 2.4, "vendor": "tenda", "version": "15.03.05.19_cn" }, { "model": "ac7", "scope": "eq", "trust": 2.4, "vendor": "tenda", 
"version": "15.03.06.44_cn" }, { "model": "ac9", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.6, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac7 v15.03.06.44 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac9 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac10 v15.03.06.23 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09142" }, { "db": "JVNDB", "id": "JVNDB-2018-011968" }, { "db": "NVD", "id": "CVE-2018-18709" }, { "db": "CNNVD", "id": "CNNVD-201810-1340" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], 
"operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18709" } ] }, "cve": "CVE-2018-18709", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18709", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-09142", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-129295", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": 
"NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18709", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18709", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-09142", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1340", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-129295", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-18709", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09142" }, { "db": "VULHUB", "id": "VHN-129295" }, { "db": "VULMON", "id": "CVE-2018-18709" }, { "db": "JVNDB", "id": "JVNDB-2018-011968" }, { "db": "NVD", "id": "CVE-2018-18709" }, { "db": "CNNVD", "id": "CNNVD-201810-1340" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router\u0027s web server -- httpd. 
When processing the \"firewallEn\" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The AC series is a router product from Tenda. httpd is one of the HTTP server components. The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version", "sources": [ { "db": "NVD", "id": "CVE-2018-18709" }, { "db": "JVNDB", "id": "JVNDB-2018-011968" }, { "db": "CNVD", "id": "CNVD-2019-09142" }, { "db": "VULHUB", "id": "VHN-129295" }, { "db": "VULMON", "id": "CVE-2018-18709" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18709", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2018-011968", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1340", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-09142", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-129295", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-18709", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09142" }, { "db": "VULHUB", "id": "VHN-129295" }, { "db": "VULMON", "id": "CVE-2018-18709" }, { "db": "JVNDB", "id": "JVNDB-2018-011968" }, { "db": "NVD", "id": "CVE-2018-18709" }, { "db": "CNNVD", "id": "CNNVD-201810-1340" } ] }, "id": "VAR-201810-0246", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": 
"CNVD-2019-09142" }, { "db": "VULHUB", "id": "VHN-129295" } ], "trust": 1.4927520825 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09142" } ] }, "last_update_date": "2023-12-18T12:43:51.252000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011968" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-129295" }, { "db": "JVNDB", "id": "JVNDB-2018-011968" }, { "db": "NVD", "id": "CVE-2018-18709" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-08/tenda.md" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18709" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18709" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-09142" }, { "db": "VULHUB", 
"id": "VHN-129295" }, { "db": "VULMON", "id": "CVE-2018-18709" }, { "db": "JVNDB", "id": "JVNDB-2018-011968" }, { "db": "NVD", "id": "CVE-2018-18709" }, { "db": "CNNVD", "id": "CNNVD-201810-1340" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-09142" }, { "db": "VULHUB", "id": "VHN-129295" }, { "db": "VULMON", "id": "CVE-2018-18709" }, { "db": "JVNDB", "id": "JVNDB-2018-011968" }, { "db": "NVD", "id": "CVE-2018-18709" }, { "db": "CNNVD", "id": "CNNVD-201810-1340" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-04T00:00:00", "db": "CNVD", "id": "CNVD-2019-09142" }, { "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-129295" }, { "date": "2018-10-29T00:00:00", "db": "VULMON", "id": "CVE-2018-18709" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011968" }, { "date": "2018-10-29T12:29:05.727000", "db": "NVD", "id": "CVE-2018-18709" }, { "date": "2018-10-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1340" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-04T00:00:00", "db": "CNVD", "id": "CNVD-2019-09142" }, { "date": "2018-12-14T00:00:00", "db": "VULHUB", "id": "VHN-129295" }, { "date": "2018-12-14T00:00:00", "db": "VULMON", "id": "CVE-2018-18709" }, { "date": "2019-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011968" }, { "date": "2018-12-14T16:19:02.837000", "db": "NVD", "id": "CVE-2018-18709" }, { "date": "2018-10-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1340" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1340" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011968" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1340" } ], "trust": 0.6 } }
var-202308-2864
Vulnerability from variot
Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34(). (FUN_00010e34 has the form of a decompiler-assigned label, so it likely identifies an address in this firmware build's binary rather than a named function.) The AC15 firmware from Shenzhen Tenda Technology Co., Ltd. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2864", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.18" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", 
"version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-022470" }, { "db": "NVD", "id": "CVE-2023-39673" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-39673" } ] }, "cve": "CVE-2023-39673", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, 
"userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-39673", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-39673", "trust": 1.8, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-022470" }, { "db": "NVD", "id": "CVE-2023-39673" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34(). Shenzhen Tenda Technology Co.,Ltd. of AC15 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-39673" }, { "db": "JVNDB", "id": "JVNDB-2023-022470" }, { "db": "VULMON", "id": "CVE-2023-39673" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-39673", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2023-022470", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2023-39673", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-39673" }, { "db": "JVNDB", "id": "JVNDB-2023-022470" }, { "db": "NVD", "id": "CVE-2023-39673" } ] }, "id": "VAR-202308-2864", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4924584 }, "last_update_date": "2024-01-24T22:45:58.715000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.0 }, { "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-022470" }, { "db": "NVD", "id": "CVE-2023-39673" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://www.tendacn.com/download/list-3.html" }, { "trust": 1.1, "url": "https://github.com/davidteeri/bug-report/blob/main/tenda/ac15%20impoper%20input%20validation.md" }, { 
"trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-39673" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-39673" }, { "db": "JVNDB", "id": "JVNDB-2023-022470" }, { "db": "NVD", "id": "CVE-2023-39673" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-39673" }, { "db": "JVNDB", "id": "JVNDB-2023-022470" }, { "db": "NVD", "id": "CVE-2023-39673" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-18T00:00:00", "db": "VULMON", "id": "CVE-2023-39673" }, { "date": "2024-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-022470" }, { "date": "2023-08-18T03:15:24.247000", "db": "NVD", "id": "CVE-2023-39673" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-18T00:00:00", "db": "VULMON", "id": "CVE-2023-39673" }, { "date": "2024-01-23T04:08:00", "db": "JVNDB", "id": "JVNDB-2023-022470" }, { "date": "2023-08-23T19:27:09.853000", "db": "NVD", "id": "CVE-2023-39673" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Classic buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-022470" } ], "trust": 0.8 } }
var-201807-1285
Vulnerability from variot
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Tenda AC7, AC9, and AC10 contain a buffer error vulnerability. Service operation may be interrupted (DoS). Tenda AC7, AC9 and AC10 are all wireless router products from Tenda. A buffer overflow vulnerability exists in Tenda AC7 15.03.06.44_CN and previous versions, AC9 15.03.05.19(6318)_CN and previous versions, and AC10 15.03.06.23_CN and earlier. An attacker could exploit the vulnerability with a long ‘limitSpeed’ or ‘limitSpeedup’ parameter to cause a denial of service. The structured record below also lists AC15 firmware through 15.03.05.19_cn and AC18 firmware through 15.03.05.19(6318)_cn as affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1285", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac10", "scope": "lte", "trust": 1.0, "vendor": "tendacn", "version": "15.03.06.23_cn" }, { "model": "ac15", "scope": "lte", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.19_cn" }, { "model": "ac18", "scope": "lte", "trust": 1.0, "vendor": 
"tendacn", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac9", "scope": "lte", "trust": 1.0, "vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)_cn" }, { "model": "ac7", "scope": "lte", "trust": 1.0, "vendor": "tendacn", "version": "15.03.06.44_cn" }, { "model": "ac10", "scope": "lte", "trust": 0.8, "vendor": "tenda", "version": "15.03.06.23_cn" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac18", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac7", "scope": "lte", "trust": 0.8, "vendor": "tenda", "version": "15.03.06.44_cn" }, { "model": "ac9", "scope": "lte", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac7 \u003c=15.03.06.44 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac10 \u003c=15.03.06.23 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac9 \u003c=15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac7", "scope": "eq", "trust": 0.6, "vendor": "tendacn", "version": "15.03.06.44_cn" }, { "model": "ac10", "scope": "eq", "trust": 0.6, "vendor": "tendacn", "version": "15.03.06.23_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.6, "vendor": "tendacn", "version": "v15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.6, "vendor": "tendacn", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac15", "scope": "eq", "trust": 0.6, "vendor": "tendacn", "version": "15.03.05.19_cn" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-14983" }, { "db": "JVNDB", "id": "JVNDB-2018-008461" }, { "db": "NVD", "id": "CVE-2018-14492" }, { "db": "CNNVD", "id": "CNNVD-201807-1668" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { 
"@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.03.06.44_cn", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac9_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "v15.03.05.19\\(6318\\)_cn", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac10_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.03.06.23_cn", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.03.05.19_cn", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.03.05.19\\(6318\\)_cn", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-14492" } ] }, "cve": "CVE-2018-14492", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-14492", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": 
"NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2018-14983", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-124657", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-14492", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-14492", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-14983", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201807-1668", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-124657", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": 
"CNVD-2018-14983" }, { "db": "VULHUB", "id": "VHN-124657" }, { "db": "JVNDB", "id": "JVNDB-2018-008461" }, { "db": "NVD", "id": "CVE-2018-14492" }, { "db": "CNNVD", "id": "CNNVD-201807-1668" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Tenda AC7 , AC9 ,and AC10 Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7, AC9 and AC10 are all wireless router products from Tenda. A buffer overflow vulnerability exists in TendaAC715.03.06.44_CN and previous versions, AC915.03.05.19 (6318)_CN and previous versions, and AC1015.03.06.23_CN and earlier. 
An attacker could exploit the vulnerability with a longer \\342\\200\\230limitSpeed\\342\\200\\231 or \\342\\200\\230limitSpeedup\\342\\200\\231 parameter to cause a denial of service", "sources": [ { "db": "NVD", "id": "CVE-2018-14492" }, { "db": "JVNDB", "id": "JVNDB-2018-008461" }, { "db": "CNVD", "id": "CNVD-2018-14983" }, { "db": "VULHUB", "id": "VHN-124657" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-14492", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2018-008461", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201807-1668", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2018-14983", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-124657", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-14983" }, { "db": "VULHUB", "id": "VHN-124657" }, { "db": "JVNDB", "id": "JVNDB-2018-008461" }, { "db": "NVD", "id": "CVE-2018-14492" }, { "db": "CNNVD", "id": "CNNVD-201807-1668" } ] }, "id": "VAR-201807-1285", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-14983" }, { "db": "VULHUB", "id": "VHN-124657" } ], "trust": 1.4236694433333335 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-14983" } ] }, "last_update_date": "2023-12-18T14:01:10.713000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", 
"data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-008461" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-124657" }, { "db": "JVNDB", "id": "JVNDB-2018-008461" }, { "db": "NVD", "id": "CVE-2018-14492" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://github.com/zillr0/routers/blob/master/tendaoob1.md" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14492" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14492" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-14983" }, { "db": "VULHUB", "id": "VHN-124657" }, { "db": "JVNDB", "id": "JVNDB-2018-008461" }, { "db": "NVD", "id": "CVE-2018-14492" }, { "db": "CNNVD", "id": "CNNVD-201807-1668" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2018-14983" }, { "db": "VULHUB", "id": "VHN-124657" }, { "db": "JVNDB", "id": "JVNDB-2018-008461" }, { "db": "NVD", "id": "CVE-2018-14492" }, { "db": "CNNVD", "id": "CNNVD-201807-1668" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-10T00:00:00", "db": 
"CNVD", "id": "CNVD-2018-14983" }, { "date": "2018-07-21T00:00:00", "db": "VULHUB", "id": "VHN-124657" }, { "date": "2018-10-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-008461" }, { "date": "2018-07-21T12:29:00.333000", "db": "NVD", "id": "CVE-2018-14492" }, { "date": "2018-07-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201807-1668" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-10T00:00:00", "db": "CNVD", "id": "CNVD-2018-14983" }, { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-124657" }, { "date": "2018-10-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-008461" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2018-14492" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201807-1668" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201807-1668" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-008461" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201807-1668" } ], "trust": 0.6 } }
var-202304-2034
Vulnerability from variot
In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability. The AC15 firmware from Shenzhen Tenda Technology Co., Ltd. contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-2034", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 
15.03.05.19" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008963" }, { "db": "NVD", "id": "CVE-2023-30371" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30371" } ] }, "cve": "CVE-2023-30371", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": 
"3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-30371", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30371", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202304-1890", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008963" }, { "db": "NVD", "id": "CVE-2023-30371" }, { "db": "CNNVD", "id": "CNNVD-202304-1890" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Tenda AC15 V15.03.05.19, the function \"sub_ED14\" contains a stack-based buffer overflow vulnerability. Shenzhen Tenda Technology Co.,Ltd. of AC15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. 
(DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-30371" }, { "db": "JVNDB", "id": "JVNDB-2023-008963" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30371", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2023-008963", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202304-1890", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008963" }, { "db": "NVD", "id": "CVE-2023-30371" }, { "db": "CNNVD", "id": "CNNVD-202304-1890" } ] }, "id": "VAR-202304-2034", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4924584 }, "last_update_date": "2023-12-18T13:21:45.901000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008963" }, { "db": "NVD", "id": "CVE-2023-30371" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://github.com/2205794866/tenda/blob/main/ac15/4.md" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-30371" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-30371/" } ], 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008963" }, { "db": "NVD", "id": "CVE-2023-30371" }, { "db": "CNNVD", "id": "CNNVD-202304-1890" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-008963" }, { "db": "NVD", "id": "CVE-2023-30371" }, { "db": "CNNVD", "id": "CNNVD-202304-1890" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-008963" }, { "date": "2023-04-24T15:15:09.010000", "db": "NVD", "id": "CVE-2023-30371" }, { "date": "2023-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1890" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-04T06:23:00", "db": "JVNDB", "id": "JVNDB-2023-008963" }, { "date": "2023-04-28T02:54:36.713000", "db": "NVD", "id": "CVE-2023-30371" }, { "date": "2023-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-1890" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1890" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Out-of-bounds write vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-008963" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-1890" } ], "trust": 0.6 } }
var-202112-0395
Vulnerability from variot
A stack-based buffer overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a POST request to goform/SetIpMacBind. Tenda AC15 contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC15 is a wireless router made by Tenda in China.
Tenda AC15 version 15.03.05.18_multi has security vulnerabilities.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0395", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tendacn", "version": "15.03.05.18_multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": 
"ac15 firmware 15.03.05.18_multi" }, { "model": "ac15 15.03.05.18 multi", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-95600" }, { "db": "JVNDB", "id": "JVNDB-2021-015707" }, { "db": "NVD", "id": "CVE-2021-44352" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.18_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44352" } ] }, "cve": "CVE-2021-44352", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, 
"integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-44352", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-95600", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-44352", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", 
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44352", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2021-95600", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202112-196", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2021-44352", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-95600" }, { "db": "VULMON", "id": "CVE-2021-44352" }, { "db": "JVNDB", "id": "JVNDB-2021-015707" }, { "db": "NVD", "id": "CVE-2021-44352" }, { "db": "CNNVD", "id": "CNNVD-202112-196" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. Tenda AC15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC15 is a wireless router made by Tenda in China. 
\n\r\n\r\nTenda AC15 15.03.05.18_multi version has security vulnerabilities", "sources": [ { "db": "NVD", "id": "CVE-2021-44352" }, { "db": "JVNDB", "id": "JVNDB-2021-015707" }, { "db": "CNVD", "id": "CNVD-2021-95600" }, { "db": "VULMON", "id": "CVE-2021-44352" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44352", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2021-015707", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-95600", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021120709", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-196", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-44352", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-95600" }, { "db": "VULMON", "id": "CVE-2021-44352" }, { "db": "JVNDB", "id": "JVNDB-2021-015707" }, { "db": "NVD", "id": "CVE-2021-44352" }, { "db": "CNNVD", "id": "CNNVD-202112-196" } ] }, "id": "VAR-202112-0395", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-95600" } ], "trust": 1.3462292 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-95600" } ] }, "last_update_date": "2023-12-18T13:59:58.722000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.tenda.com.cn/default.html" }, { "title": "Patch for Tenda AC15 has unspecified vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/303831" }, { "title": "Tenda AC15 Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=173081" }, { "title": "", "trust": 0.1, "url": "https://github.com/zhlu32/cve-my " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-95600" }, { "db": "VULMON", "id": "CVE-2021-44352" }, { "db": "JVNDB", "id": "JVNDB-2021-015707" }, { "db": "CNNVD", "id": "CNNVD-202112-196" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-015707" }, { "db": "NVD", "id": "CVE-2021-44352" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://github.com/zhlu32/cve/blob/main/tenda/tenda-ac15-buffer-overflow.md" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44352" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021120709" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/zhlu32/cve-my" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-95600" }, { "db": "VULMON", "id": "CVE-2021-44352" }, { "db": "JVNDB", "id": "JVNDB-2021-015707" }, { "db": "NVD", "id": 
"CVE-2021-44352" }, { "db": "CNNVD", "id": "CNNVD-202112-196" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-95600" }, { "db": "VULMON", "id": "CVE-2021-44352" }, { "db": "JVNDB", "id": "JVNDB-2021-015707" }, { "db": "NVD", "id": "CVE-2021-44352" }, { "db": "CNNVD", "id": "CNNVD-202112-196" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-09T00:00:00", "db": "CNVD", "id": "CNVD-2021-95600" }, { "date": "2021-12-03T00:00:00", "db": "VULMON", "id": "CVE-2021-44352" }, { "date": "2022-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-015707" }, { "date": "2021-12-03T19:15:07.923000", "db": "NVD", "id": "CVE-2021-44352" }, { "date": "2021-12-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-196" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-09T00:00:00", "db": "CNVD", "id": "CNVD-2021-95600" }, { "date": "2021-12-10T00:00:00", "db": "VULMON", "id": "CVE-2021-44352" }, { "date": "2022-11-29T07:30:00", "db": "JVNDB", "id": "JVNDB-2021-015707" }, { "date": "2021-12-10T20:06:34.700000", "db": "NVD", "id": "CVE-2021-44352" }, { "date": "2021-12-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-196" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-196" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda\u00a0AC15\u00a0 Out-of-bounds 
write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-015707" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-196" } ], "trust": 0.6 } }
var-201810-0277
Vulnerability from variot
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server, httpd. While processing the 'deviceMac' parameter of a POST request, the value is used directly in a sprintf to a local variable placed on the stack, which overwrites the return address of the function. Multiple Tenda products contain a buffer error vulnerability that may result in service interruption (DoS). Tenda AC7 and the others are wireless router products from Tenda. httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products; an attacker can exploit it to cause a denial of service (by overwriting the function's return address). The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19(6318)_CN.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0277", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac10", "scope": "eq", "trust": 1.8, "vendor": "tenda", "version": "15.03.06.23_cn" }, { "model": "ac15", "scope": "eq", "trust": 1.8, "vendor": "tenda", "version": "15.03.05.19_cn" }, { "model": "ac7", "scope": "eq", "trust": 1.8, "vendor": "tenda", 
"version": "15.03.06.44_cn" }, { "model": "ac9", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.19\\(6318\\)_cn" }, { "model": "ac18", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac9", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "15.03.05.19(6318)_cn" }, { "model": "ac7 v15.03.06.44 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac9 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac10 v15.03.06.23 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac15 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null }, { "model": "ac18 v15.03.05.19 cn", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01884" }, { "db": "JVNDB", "id": "JVNDB-2018-013980" }, { "db": "NVD", "id": "CVE-2018-18731" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": 
[ { "cpe23Uri": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\)_cn:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18731" } ] }, "cve": "CVE-2018-18731", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18731", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-01884", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-129320", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 
7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-18731", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18731", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-01884", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201810-1358", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-129320", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01884" }, { "db": "VULHUB", "id": "VHN-129320" }, { "db": "JVNDB", "id": "JVNDB-2018-013980" }, { "db": "NVD", "id": "CVE-2018-18731" }, { "db": "CNNVD", "id": "CNNVD-201810-1358" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the \u0027deviceMac\u0027 parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. 
plural Tenda The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products that an attacker can exploit to cause a denial of service (the return address of the override function). The following products and versions are affected: Tenda AC7 V15.03.06.44_CN; AC9 V15.03.05.19(6318)_CN; AC10 V15.03.06.23_CN; AC15 V15.03.05.19_CN; AC18 V15.03.05.19 (6318)_CN version", "sources": [ { "db": "NVD", "id": "CVE-2018-18731" }, { "db": "JVNDB", "id": "JVNDB-2018-013980" }, { "db": "CNVD", "id": "CNVD-2019-01884" }, { "db": "VULHUB", "id": "VHN-129320" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18731", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2018-013980", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1358", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2019-01884", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-129320", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01884" }, { "db": "VULHUB", "id": "VHN-129320" }, { "db": "JVNDB", "id": "JVNDB-2018-013980" }, { "db": "NVD", "id": "CVE-2018-18731" }, { "db": "CNNVD", "id": "CNNVD-201810-1358" } ] }, "id": "VAR-201810-0277", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-01884" }, { "db": "VULHUB", "id": "VHN-129320" } ], "trust": 1.4927520825 }, "iot_taxonomy": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01884" } ] }, "last_update_date": "2023-12-18T13:43:33.402000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.tenda.com.cn/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013980" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-129320" }, { "db": "JVNDB", "id": "JVNDB-2018-013980" }, { "db": "NVD", "id": "CVE-2018-18731" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://github.com/zillr0/routers/blob/master/tenda/stack4.md" }, { "trust": 1.4, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18731" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18731" }, { "trust": 0.8, "url": "https://github.com/zillr0/routers/blob/master/tenda/stack2.md" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01884" }, { "db": "VULHUB", "id": "VHN-129320" }, { "db": "JVNDB", "id": "JVNDB-2018-013980" }, { "db": "NVD", "id": "CVE-2018-18731" }, { "db": "CNNVD", "id": "CNNVD-201810-1358" } ] }, "sources": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-01884" }, { "db": "VULHUB", "id": "VHN-129320" }, { "db": "JVNDB", "id": "JVNDB-2018-013980" }, { "db": "NVD", "id": "CVE-2018-18731" }, { "db": "CNNVD", "id": "CNNVD-201810-1358" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01884" }, { "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-129320" }, { "date": "2019-03-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013980" }, { "date": "2018-10-29T12:29:07.837000", "db": "NVD", "id": "CVE-2018-18731" }, { "date": "2018-10-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1358" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2019-01884" }, { "date": "2019-01-29T00:00:00", "db": "VULHUB", "id": "VHN-129320" }, { "date": "2019-03-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013980" }, { "date": "2019-01-29T17:04:03.540000", "db": "NVD", "id": "CVE-2018-18731" }, { "date": "2019-04-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1358" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1358" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Tenda Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013980" } ], "trust": 0.8 }, "type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1358" } ], "trust": 0.6 } }
var-202403-0831
Vulnerability from variot
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A stack-based buffer overflow vulnerability exists in the AC15 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The vulnerability is caused by the handling of the ssid parameter in the form_fast_setting_wifi_set method of the /goform/fast_setting_wifi_set page, which fails to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. Note on the record below: its CPE entry gives the affected firmware as 15.03.05.20_multi rather than 15.03.20_multi, and its two CVSS v3.1 scores differ on required privileges (8.8 with PR:L from cna@vuldb.com, 9.8 with PR:N from NVD). Match installed firmware against the CPE string, and do not assume authentication is required when prioritising.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202403-0831", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 
firmware 15.03.05.20 multi" }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15 15.03.20 multi", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26324" }, { "db": "JVNDB", "id": "JVNDB-2024-003038" }, { "db": "NVD", "id": "CVE-2024-2813" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2024-2813" } ] }, "cve": "CVE-2024-2813", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "cna@vuldb.com", "availabilityImpact": "COMPLETE", "baseScore": 9.0, 
"confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CNVD-2024-26324", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cna@vuldb.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-2813", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", 
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2024-2813", "trust": 1.8, "value": "CRITICAL" }, { "author": "cna@vuldb.com", "id": "CVE-2024-2813", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2024-26324", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26324" }, { "db": "JVNDB", "id": "JVNDB-2024-003038" }, { "db": "NVD", "id": "CVE-2024-2813" }, { "db": "NVD", "id": "CVE-2024-2813" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of AC15 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the ssid parameter in the form_fast_setting_wifi_set method of the /goform/fast_setting_wifi_set page failing to properly verify the length of the input data. 
Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack", "sources": [ { "db": "NVD", "id": "CVE-2024-2813" }, { "db": "JVNDB", "id": "JVNDB-2024-003038" }, { "db": "CNVD", "id": "CNVD-2024-26324" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-2813", "trust": 3.2 }, { "db": "VULDB", "id": "257668", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2024-003038", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2024-26324", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26324" }, { "db": "JVNDB", "id": "JVNDB-2024-003038" }, { "db": "NVD", "id": "CVE-2024-2813" } ] }, "id": "VAR-202403-0831", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-26324" } ], "trust": 0.98505748 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26324" } ] }, "last_update_date": "2024-06-07T22:59:21.644000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 form_fast_setting_wifi_set method buffer overflow vulnerability", "trust": 0.6, "url": 
"https://www.cnvd.org.cn/patchinfo/show/554611" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26324" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003038" }, { "db": "NVD", "id": "CVE-2024-2813" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://vuldb.com/?id.257668" }, { "trust": 1.8, "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/form_fast_setting_wifi_set.md" }, { "trust": 1.0, "url": "https://vuldb.com/?ctiid.257668" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-2813" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-26324" }, { "db": "JVNDB", "id": "JVNDB-2024-003038" }, { "db": "NVD", "id": "CVE-2024-2813" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-26324" }, { "db": "JVNDB", "id": "JVNDB-2024-003038" }, { "db": "NVD", "id": "CVE-2024-2813" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-06-06T00:00:00", "db": "CNVD", "id": "CNVD-2024-26324" }, { "date": "2024-03-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003038" }, { "date": "2024-03-22T07:15:47.110000", "db": "NVD", "id": "CVE-2024-2813" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-06-06T00:00:00", "db": "CNVD", "id": "CNVD-2024-26324" }, { "date": "2024-03-28T01:20:00", "db": "JVNDB", "id": "JVNDB-2024-003038" }, { "date": "2024-05-17T02:38:31.770000", "db": "NVD", "id": "CVE-2024-2813" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Stack-based buffer overflow vulnerability in firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003038" } ], "trust": 0.8 } }
var-202205-0172
Vulnerability from variot
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web server. The startip and endip values sent in the POST data are copied to the stack using the sanf [sic; presumably sscanf] function, resulting in a stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971. A vulnerability regarding resource allocation without limits or throttling exists in the firmware of the AC15 from Shenzhen Tenda Technology Co.,Ltd. Service operation may be interrupted (DoS).
Tenda AC15 has security flaws that attackers can exploit to cause a stack overflow.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0172", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ac15", "scope": "eq", "trust": 1.0, "vendor": "tenda", "version": "15.03.05.20_multi_tde01" }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": null }, { "model": "ac15", "scope": null, "trust": 0.8, "vendor": "tenda", "version": 
null }, { "model": "ac15", "scope": "eq", "trust": 0.8, "vendor": "tenda", "version": "ac15 firmware 15.03.05.20 multi tde01" }, { "model": "ac15 15.03.05.20 multi tde01", "scope": null, "trust": 0.6, "vendor": "tenda", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38165" }, { "db": "JVNDB", "id": "JVNDB-2022-009240" }, { "db": "NVD", "id": "CVE-2022-28556" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi_tde01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-28556" } ] }, "cve": "CVE-2022-28556", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", 
"baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-28556", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2022-38165", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-28556", "impactScore": null, "integrityImpact": "None", 
"privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-28556", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-38165", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202205-2140", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-28556", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38165" }, { "db": "VULMON", "id": "CVE-2022-28556" }, { "db": "JVNDB", "id": "JVNDB-2022-009240" }, { "db": "NVD", "id": "CVE-2022-28556" }, { "db": "CNNVD", "id": "CNNVD-202205-2140" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971. Shenzhen Tenda Technology Co.,Ltd. of AC15 A vulnerability exists in the firmware regarding resource allocation without limits or throttling.Service operation interruption (DoS) It may be in a state. 
\n\r\n\r\nTenda AC15 has security flaws that can be exploited by attackers to cause stack overflow", "sources": [ { "db": "NVD", "id": "CVE-2022-28556" }, { "db": "JVNDB", "id": "JVNDB-2022-009240" }, { "db": "CNVD", "id": "CNVD-2022-38165" }, { "db": "VULMON", "id": "CVE-2022-28556" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-28556", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2022-009240", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-38165", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202205-2140", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-28556", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38165" }, { "db": "VULMON", "id": "CVE-2022-28556" }, { "db": "JVNDB", "id": "JVNDB-2022-009240" }, { "db": "NVD", "id": "CVE-2022-28556" }, { "db": "CNNVD", "id": "CNNVD-202205-2140" } ] }, "id": "VAR-202205-0172", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-38165" } ], "trust": 1.3462292 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38165" } ] }, "last_update_date": "2023-12-18T11:56:07.805000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Tenda AC15 Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/333211" }, { "title": "Tenda AC15 Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=192829" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38165" }, { "db": "CNNVD", "id": "CNNVD-202205-2140" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-009240" }, { "db": "NVD", "id": "CVE-2022-28556" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/doudoudedi/tendaac15_vul/blob/main/tendaac15-vul.md" }, { "trust": 1.2, "url": "https://cxsecurity.com/cveshow/cve-2022-28556/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28556" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/770.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-38165" }, { "db": "VULMON", "id": "CVE-2022-28556" }, { "db": "JVNDB", "id": "JVNDB-2022-009240" }, { "db": "NVD", "id": "CVE-2022-28556" }, { "db": "CNNVD", "id": "CNNVD-202205-2140" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-38165" }, { "db": "VULMON", "id": "CVE-2022-28556" }, { "db": "JVNDB", "id": 
"JVNDB-2022-009240" }, { "db": "NVD", "id": "CVE-2022-28556" }, { "db": "CNNVD", "id": "CNNVD-202205-2140" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-20T00:00:00", "db": "CNVD", "id": "CNVD-2022-38165" }, { "date": "2022-05-04T00:00:00", "db": "VULMON", "id": "CVE-2022-28556" }, { "date": "2023-08-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-009240" }, { "date": "2022-05-04T16:15:08.647000", "db": "NVD", "id": "CVE-2022-28556" }, { "date": "2022-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-2140" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-19T00:00:00", "db": "CNVD", "id": "CNVD-2022-38165" }, { "date": "2022-05-13T00:00:00", "db": "VULMON", "id": "CVE-2022-28556" }, { "date": "2023-08-03T08:30:00", "db": "JVNDB", "id": "JVNDB-2022-009240" }, { "date": "2023-08-08T14:21:49.707000", "db": "NVD", "id": "CVE-2022-28556" }, { "date": "2022-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202205-2140" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-2140" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC15\u00a0 Unlimited or Throttling Resource Allocation Vulnerability in Firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-009240" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202205-2140" } ], "trust": 0.6 } }