漏洞标题
Tenda W15E 客户端WifiRuleRefresh栈溢出
漏洞描述信息
在Tenda W15E 15.11.0.14中发现了一个漏洞,被分类为严重。受影响的是guestWifiRuleRefresh功能。操纵参数qosGuestDownstream会导致栈溢出。远程发动攻击是可能的。该漏洞的标识符为VDB-261870。注意:供应商在此次披露早期就被联系,但未以任何方式回应。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
跨界内存写
漏洞标题
Tenda W15E guestWifiRuleRefresh stack-based overflow
漏洞描述信息
A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
栈缓冲区溢出
漏洞标题
Tenda W15E 安全漏洞
漏洞描述信息
Tenda W15E是中国腾达(Tenda)公司的一款无线路由器。 Tenda W15E 15.11.0.14 版本存在安全漏洞,该漏洞源于 guestWifiRuleRefresh 方法的 qosGuestDownstream 参数存在缓冲区溢出漏洞。
CVSS信息
N/A
漏洞类别
其他