Denial of Service Vulnerability in Tenda PA6 Powerline Extender
CVE-2019-19506

7.5HIGH

Key Information:

Vendor: Tenda
Status: Pa6 Firmware
Vendor: CVE Published:; 25 June 2020

Summary

The Tenda PA6 Wi-Fi Powerline Extender version 1.0.1.21 is exposed to a denial of service vulnerability due to a flaw in the 'homeplugd' process. An attacker can exploit this security gap by sending a specially crafted UDP packet, leading to unwanted reboots of the device. This presents significant risks to the device's availability, particularly in environments where stable network connectivity is crucial.

References

https://securityintelligence.com/posts/vulnerable-powerli...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2020
Vulnerability Reserved
Dec 2, 2019