PT-2022-17361 · Tenda · Tenda Ax1806
Published
2022-03-09
·
Updated
2022-03-12
·
CVE-2022-25553
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Tenda AX1806 version 1.0.0.1
Description
A stack overflow was discovered in the function formSetSysToolDDNS, allowing attackers to cause a Denial of Service (DoS) via the
ddnsPwd parameter.Recommendations
For Tenda AX1806 version 1.0.0.1, consider disabling the formSetSysToolDDNS function as a temporary workaround until a patch is available. Avoid using the
ddnsPwd parameter in the affected API endpoint until the issue is resolved.Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Ax1806