PT-2020-16926 · Tenda · Tenda Ac1200
Published
2020-12-30
·
Updated
2025-07-07
·
CVE-2020-28095
CVSS v2.0
7.8
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Exploit
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Ac1200
Published
2020-12-30
·
Updated
2025-07-07
·
CVE-2020-28095
7.8
High
| Base vector | Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
Tenda AC1200 (Model AC6) version 15.03.06.51 multi
Description:
A large HTTP POST request sent to the "change password API" will trigger the router to crash and enter an infinite boot loop.
Recommendations:
For Tenda AC1200 (Model AC6) version 15.03.06.51 multi, as a temporary workaround, consider restricting access to the change password API until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Infinite Loop