PT-2021-19491 · Tenda · Tenda Ac11

Published

2021-05-07

Updated

2021-05-10

CVE-2021-31757

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tenda AC11 versions through 02.03.01.104 CN

Description A stack buffer overflow issue allows attackers to execute arbitrary code on the system via a crafted post request to the "goform/setVLAN" API endpoint.

Recommendations For versions through 02.03.01.104 CN, as a temporary workaround, consider restricting access to the "goform/setVLAN" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-31757

Affected Products

Tenda Ac11

PT-2021-19491 · Tenda · Tenda Ac11

CVE-2021-31757

Weakness Enumeration

Related Identifiers

Affected Products

References · 3