Stack Overflow Vulnerability in Tenda W30E by Tenda
CVE-2022-45507

7.5HIGH

Key Information:

Vendor: Tenda
Status: W30e Firmware
Vendor: CVE Published:; 8 December 2022

Summary

A stack overflow vulnerability was identified in the Tenda W30E at the editNameMit parameter in the /goform/editFileName endpoint. This flaw could allow an attacker to exploit the vulnerability, potentially leading to unauthorized access or disruption of the device. It is crucial for users of the affected version to apply mitigations to ensure the security and integrity of their devices.

References

https://github.com/z1r00/IOT_Vul/blob/main/Tenda/W30E/edi...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 8, 2022
Vulnerability Reserved
Nov 21, 2022