Stack Overflow Vulnerability in Tenda AC1206 by Tenda
CVE-2022-37798

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ac1206 Firmware
Vendor: CVE Published:; 25 August 2022

What is CVE-2022-37798?

The Tenda AC1206 router has been found to contain a stack overflow vulnerability due to improper handling of the 'list' parameter in the formSetVirtualSer function. This flaw could potentially allow an attacker to execute arbitrary code or gain unauthorized access to the device, leading to security breaches and compromised network integrity. It's vital for users to update their devices to the latest firmware to mitigate risks associated with this vulnerability.

References

https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/5

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2022
Vulnerability Reserved
Aug 8, 2022