PT-2022-17364 · Tenda · Tenda Ax12
Published
2022-03-09
·
Updated
2022-03-18
·
CVE-2022-25556
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Tenda AX12 version 22.03.01.21
Description
A stack overflow was discovered in the function sub 42E328, allowing attackers to cause a Denial of Service (DoS) via the
list parameter.Recommendations
For Tenda AX12 version 22.03.01.21, consider disabling the sub 42E328 function as a temporary workaround until a patch is available. Restrict access to the
list parameter in the affected API endpoint to minimize the risk of exploitation.Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Ax12