Stack Overflow Vulnerability in Tenda TX3 Products
CVE-2022-43028

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Tx3 Firmware
Vendor: CVE Published:; 19 October 2022

Summary

The Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 has been identified to have a stack overflow issue stemming from the timeZone parameter in the /goform/SetSysTimeCfg endpoint. This vulnerability may allow malicious actors to exploit the device, leading to potentially unauthorized access or control. Users are advised to implement security measures to mitigate risks associated with this vulnerability.

References

https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-3.md

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Oct 17, 2022