Description

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.

Related CPE's

o

tenda

ac10_firmware

2

h

tenda

ac10

2

o

tenda

ac1206_firmware

15.03.06.23

Vulnerable

h

tenda

ac1206

-

o

tenda

ac8_firmware

16.03.34.06

Vulnerable

h

tenda

ac8

4.0

o

tenda

ac6_firmware

15.03.06.23

Vulnerable

h

tenda

ac6

2.0

o

tenda

ac7_firmware

15.03.06.44

Vulnerable

h

tenda

ac7

1.0

o

tenda

f1203_firmware

2.0.1.6

Vulnerable

h

tenda

f1203

-

o

tenda

ac5_firmware

15.03.06.28

Vulnerable

h

tenda

ac5

1.0

o

tenda

fh1203_firmware

2.0.1.6

Vulnerable

h

tenda

fh1203

-

References

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-07T19:15:10.977

1 year ago

Last modified

2023-08-10T17:17:05.110

1 year ago