Stack Overflow Vulnerability in Tenda TX3 Firewall Configuration
CVE-2022-43027

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Tx3 Firmware
Vendor: CVE Published:; 19 October 2022

What is CVE-2022-43027?

The Tenda TX3 vulnerability involves a stack overflow that can be exploited via the 'firewallEn' parameter within the firewall configuration settings. This flaw, discovered in the US_TX3V1.0br_V16.03.13.11_multi_TDE01 version, could potentially allow attackers to execute arbitrary code, resulting in unauthorized access to the device and network compromise. This poses significant risks to users relying on Tenda devices for their networking solutions.

References

https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-5.md

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Oct 17, 2022