Stack Buffer Overflow Vulnerability in Tenda AC11 Devices
CVE-2021-31756

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ac11 Firmware
Vendor: CVE Published:; 7 May 2021

What is CVE-2021-31756?

A stack buffer overflow vulnerability exists in Tenda AC11 devices running specific firmware versions. This issue occurs in the /gofrom/setwanType endpoint, where malicious input can be exploited through crafted POST requests. When the attacker-controlled input is incorrectly handled, it leads to arbitrary code execution on the device, potentially compromising the system's integrity and security.

References

https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_1

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2021
Vulnerability Reserved
Apr 23, 2021