Stack Overflow Vulnerability in Tenda AC9 by Tenda
CVE-2022-36570

7.2HIGH

Key Information:

Vendor: Tenda
Status: Ac9 Firmware
Vendor: CVE Published:; 31 August 2022

What is CVE-2022-36570?

The Tenda AC9 router, specifically version V15.03.05.19, is susceptible to a stack overflow vulnerability triggered by the 'time' parameter in the SetLEDCfg function. Exploiting this flaw could potentially allow attackers to execute arbitrary code, compromising the device's security and operation. It is crucial for users to be aware of this issue and apply available security updates to mitigate the risks associated with this vulnerability.

References

https://github.com/CyberUnicornIoT/IoTvuln/blob/main/Tend...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2022
Vulnerability Reserved
Jul 25, 2022