Stack Overflow Vulnerability in Tenda W30E Device
CVE-2022-45511

7.5HIGH

Key Information:

Vendor: Tenda
Status: W30e Firmware
Vendor: CVE Published:; 8 December 2022

Badges

👾 Exploit Exists

Summary

A stack overflow vulnerability has been identified in the Tenda W30E device, specifically affecting version V1.0.1.25(633). The flaw can be triggered through the PPPOEPassword parameter in the QuickIndex interface, potentially allowing malicious actors to execute arbitrary code or disrupt service. Organizations using this device should urgently assess their exposure and implement necessary security measures.

References

https://github.com/z1r00/IOT_Vul/blob/main/Tenda/W30E/Qui...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Dec 21, 2022
👾
Exploit known to exist
Dec 21, 2022
Vulnerability published
Dec 8, 2022
Vulnerability Reserved
Nov 21, 2022