漏洞标题
AC10U型帐篷formSetDeviceName堆栈基础溢出
漏洞描述信息
在Tenda AC10U 15.03.06.49_multi_TDE01中发现了一个严重漏洞。这种漏洞被归类为“致命”。这个漏洞会影响到函数formSetDeviceName。通过操作参数devName导致的堆栈缓冲区溢出。该攻击可以在远程情况下进行。该漏洞已经公开并且可以被利用。该漏洞的标识符是VDB-252128。注意:此漏洞在发现后立即向供应商进行了通知,但是供应商未作任何回应。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
跨界内存写
漏洞标题
Tenda AC10U formSetDeviceName stack-based overflow
漏洞描述信息
A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
漏洞类别
栈缓冲区溢出
漏洞标题
Tenda AC10 安全漏洞
漏洞描述信息
Tenda AC10是中国腾达(Tenda)公司的一款无线路由器。 Tenda AC10U 15.03.06.49_multi_TDE01 版本存在安全漏洞,该漏洞源于 formSetDeviceName 函数的 devName 参数存在基于堆栈的缓冲区溢出。
CVSS信息
N/A
漏洞类别
其他