Stack Overflow Vulnerability in Tenda TX3 Router
CVE-2022-43029

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Tx3 Firmware
Vendor: CVE Published:; 19 October 2022

What is CVE-2022-43029?

The Tenda TX3 Router is susceptible to a stack overflow vulnerability via the 'time' parameter at the endpoint /goform/SetSysTimeCfg. This weakness can be exploited by attackers to run arbitrary code, potentially leading to unauthorized access and compromise of the device. Users are advised to apply available patches and follow best security practices to mitigate this risk.

References

https://github.com/tianhui999/myCVE/blob/main/TX3/TX3-4.md

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Oct 17, 2022