Buffer Overflow in Tenda Router AX12 by Tenda
CVE-2021-45391

7.5HIGH

Key Information:

Vendor
Tenda
Status
Ax12 Firmware
Vendor
CVE Published:
16 February 2022

Summary

A buffer overflow vulnerability has been detected in the Tenda Router AX12 specifically within the setIPv6Status function of the HTTP daemon. This vulnerability occurs due to improper handling of the conType parameter, which can lead to a Denial of Service condition. Exploitation of this vulnerability may allow an attacker to disrupt the normal operation of the router, making the device inaccessible for legitimate users.

References

https://www.tenda.com.cn/
x_refsource_MISC
http://tendawifi.com/index.html
x_refsource_MISC
https://www.tenda.com.cn/product/AX12.html
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.