Stack Overflow Vulnerability in Tenda AX12 Router
CVE-2022-25560

7.5HIGH

Key Information:

Vendor: Tenda
Status: Ax12 Firmware
Vendor: CVE Published:; 10 March 2022

What is CVE-2022-25560?

A stack overflow vulnerability has been identified in the Tenda AX12 router version 22.03.01.21. This flaw exists in the sub_4327CC function and can be exploited by attackers to create a Denial of Service (DoS) condition. By sending specially crafted input through the list parameter, unauthorized users can disrupt the normal functioning of the device, leading to unavailability and impacting users. It is crucial for users of affected devices to apply the necessary security patches to mitigate this risk.

References

https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/4

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2022
Vulnerability Reserved
Feb 21, 2022