Stack Overflow Vulnerability in Tenda W30E Router
CVE-2022-45523

7.5HIGH

Key Information:

Vendor: Tenda
Status: W30e Firmware
Vendor: CVE Published:; 8 December 2022

Summary

A stack overflow vulnerability has been identified in the Tenda W30E router, specifically through the page parameter at the /goform/L7Im endpoint. This flaw can potentially be exploited by unauthorized users, leading to abnormal behavior of the device or execution of arbitrary code. It is crucial for users to apply available patches and monitor their network for any unusual activities to mitigate potential risks.

References

https://github.com/z1r00/IOT_Vul/blob/main/Tenda/W30E/L7I...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 8, 2022
Vulnerability Reserved
Nov 21, 2022