Описание
A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
Ссылки
- https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/onSSIDChange/onSSIDChange.mdExploitThird Party Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Product
- https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/onSSIDChange/onSSIDChange.mdExploitThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
Уязвимость микропрограммного обеспечения маршрутизаторов Tenda WH450, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2