PT-2022-12494 · Tenda · Tenda Routers G3+1

Published

2022-02-04

Updated

2022-02-08

CVE-2021-45995

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Tenda routers G1 and G3 version 15.11.0.17(9502) CN

Description A stack overflow was discovered in the function formSetStaticRoute, allowing attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters.

Recommendations For Tenda routers G1 and G3 version 15.11.0.17(9502) CN, consider disabling the formSetStaticRoute function as a temporary workaround until a patch is available. Restrict access to the static route configuration to minimize the risk of exploitation. Avoid using the staticRouteNet, staticRouteMask, and staticRouteGateway parameters in the affected function until the issue is resolved.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-45995

Affected Products

Tenda Routers G1

Tenda Routers G3

PT-2022-12494 · Tenda · Tenda Routers G3+1

CVE-2021-45995

Weakness Enumeration

Related Identifiers

Affected Products

References · 4