PT-2022-12496 · Tenda · Tenda Routers G3+1

Published

2022-02-04

Updated

2022-02-08

CVE-2021-45997

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Tenda routers G1 and G3 version 15.11.0.17(9502) CN

Description A stack overflow was discovered in the function formSetPortMapping, allowing attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, portMappingInternal, and portMappingExternal parameters.

Recommendations For Tenda routers G1 and G3 version 15.11.0.17(9502) CN, consider disabling the formSetPortMapping function as a temporary workaround to minimize the risk of exploitation. Restrict access to the portMappingServer, portMappingProtocol, portMappingWan, portMappingInternal, and portMappingExternal parameters to prevent Denial of Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-45997

Affected Products

Tenda Routers G1

Tenda Routers G3

PT-2022-12496 · Tenda · Tenda Routers G3+1

CVE-2021-45997

Weakness Enumeration

Related Identifiers

Affected Products

References · 6