PT-2022-21063 · Tenda · Tenda M3
Published
2022-07-01
·
Updated
2023-01-20
·
CVE-2022-32036
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Tenda M3 version 1.0.0.12
Description
The issue is related to multiple stack overflow vulnerabilities. These vulnerabilities can be exploited via the
ssidList, storeName, and trademark parameters in the formSetStoreWeb() function.Recommendations
For Tenda M3 version 1.0.0.12, consider disabling the
formSetStoreWeb() function until a patch is available. Restrict access to the parameters ssidList, storeName, and trademark to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda M3