PT-2022-12488 · Tenda · Tenda Routers G3+1

Published

2022-02-04

Updated

2022-02-08

CVE-2021-45989

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Tenda routers G1 and G3 version 15.11.0.17(9502) CN

Description A stack overflow was discovered in the function guestWifiRuleRefresh(). This issue allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters.

Recommendations For Tenda routers G1 and G3 version 15.11.0.17(9502) CN, consider disabling the guestWifiRuleRefresh() function as a temporary workaround to minimize the risk of exploitation. Restrict access to the parameters qosGuestUpstream and qosGuestDownstream to prevent potential Denial of Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-45989

Affected Products

Tenda Routers G1

Tenda Routers G3

PT-2022-12488 · Tenda · Tenda Routers G3+1

CVE-2021-45989

Weakness Enumeration

Related Identifiers

Affected Products

References · 5