Stack Overflow Vulnerability in Tenda W30E Router Product
CVE-2022-45519

7.5HIGH

Key Information:

Vendor: Tenda
Status: W30e Firmware
Vendor: CVE Published:; 8 December 2022

Summary

The Tenda W30E router version V1.0.1.25(633) poses a significant security risk due to a stack overflow vulnerability. This flaw occurs in the '/goform/SafeMacFilter' endpoint, specifically triggered by the 'Go' parameter. Exploitation of this vulnerability could allow attackers to execute arbitrary code, potentially compromising the device's functionality and network integrity. Users of the Tenda W30E should be aware of this issue and ensure proper updates and mitigations are in place to protect their networks.

References

https://github.com/z1r00/IOT_Vul/blob/main/Tenda/W30E/Saf...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 8, 2022
Vulnerability Reserved
Nov 21, 2022