Buffer Overflow Vulnerability in Tenda AC9 Routers
CVE-2021-42659

6.5MEDIUM

Key Information:

Vendor: Tenda
Status: Ac9 Firmware
Vendor: CVE Published:; 24 May 2022

Summary

A buffer overflow vulnerability exists in the httpd web server of Tenda AC9 router models. This issue arises when a super-long list parameter is set during virtual service configuration, which causes the httpd program to crash unexpectedly. This can result in loss of service and potential unauthorized access to the device.

References

https://github.com/Lyc-heng/routers/blob/main/routers/sta...

x_refsource_MISC

https://www.cnvd.org.cn/flaw/show/CNVD-2021-24948

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2022
Vulnerability Reserved
Oct 18, 2021