PT-2022-12492 · Tenda · Tenda Routers G3+1

Published

2022-02-04

Updated

2022-02-08

CVE-2021-45993

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Tenda routers G1 and G3 version 15.11.0.17(9502) CN

Description A stack overflow was discovered in the function formIPMacBindModify, allowing attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters.

Recommendations For Tenda routers G1 and G3 version 15.11.0.17(9502) CN, consider disabling the formIPMacBindModify function as a temporary workaround until a patch is available. Restrict access to the IPMacBindRuleIP and IPMacBindRuleMac parameters to minimize the risk of exploitation.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-45993

Affected Products

Tenda Routers G1

Tenda Routers G3

PT-2022-12492 · Tenda · Tenda Routers G3+1

CVE-2021-45993

Weakness Enumeration

Related Identifiers

Affected Products

References · 5