Stack Overflow in Tenda AC1206 by Tenda
CVE-2022-37799

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ac1206 Firmware
Vendor: CVE Published:; 25 August 2022

What is CVE-2022-37799?

The Tenda AC1206 device, under version V15.03.06.23, is susceptible to a stack overflow vulnerability caused by improper handling of the time parameter in the setSmartPowerManagement function. This flaw could potentially allow an attacker to exploit the device's operation, leading to unauthorized access or further security breaches. It is essential for users to monitor for updates and apply necessary security patches to mitigate any risks associated with this vulnerability.

References

https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/2

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2022
Vulnerability Reserved
Aug 8, 2022