// For flags

CVE-2021-46394

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.

Se presenta una vulnerabilidad de desbordamiento del buffer de pila en la función formSetPPTPServer del router Tenda-AX3 versión V16.03.12.10_CN. La variable v13 es recuperada directamente del parámetro startIp de la petición http. Entonces v13 será empalmada a la pila por la función sscanf sin ninguna comprobación de seguridad, lo que causa un desbordamiento de la pila. Al enviar por POST la página /goform/SetPptpServerCfg con la startIp apropiada, el atacante puede llevar a cabo fácilmente una ejecución de código remota con datos de desbordamiento cuidadosamente diseñados

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-01-18 CVE Reserved
  • 2022-03-04 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-10-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL Tag Source
URL Date SRC
https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/4 2024-08-04
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Tenda
Search vendor "Tenda"
 Ax3 Firmware
Search vendor "Tenda" for product "Ax3 Firmware"
 16.03.12.10
Search vendor "Tenda" for product "Ax3 Firmware" and version "16.03.12.10"
-
Affected
in Tenda
Search vendor "Tenda"
 Ax3
Search vendor "Tenda" for product "Ax3"
--
Safe