PT-2021-19490 · Tenda · Tenda Ac11

Published

2021-05-07

Updated

2021-05-10

CVE-2021-31756

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tenda AC11 devices with firmware through 02.03.01.104 CN

Description A stack buffer overflow issue allows attackers to execute arbitrary code on the system via a crafted post request to the "gofrom/setwanType" API endpoint. This occurs when an input vector controlled by a malicious attack gets copied to a stack variable.

Recommendations For Tenda AC11 devices with firmware through 02.03.01.104 CN, consider restricting access to the "/gofrom/setwanType" API endpoint until a patch is available. As a temporary workaround, avoid using this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-31756

Affected Products

Tenda Ac11

PT-2021-19490 · Tenda · Tenda Ac11

CVE-2021-31756

Weakness Enumeration

Related Identifiers

Affected Products

References · 3