Stack Overflow Vulnerability in Tenda A15 Router
CVE-2022-47116

7.5HIGH

Key Information:

Vendor: Tenda
Status: A15 Firmware
Vendor: CVE Published:; 30 December 2022

What is CVE-2022-47116?

The Tenda A15 router, version V15.13.07.13, has been identified to have a vulnerability that allows for a stack overflow through the SYSPS parameter at the SysToolChangePwd endpoint. This flaw can lead to potential unauthorized access or denial of service, compromising the security and integrity of the device. Protect your network by ensuring you are running the latest firmware and implementing appropriate security measures.

References

https://brief-nymphea-813.notion.site/Vul1-A15-bof-SysToo...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2022
Vulnerability Reserved
Dec 12, 2022