9.8
CVE-2020-13389
- EPSS 2.15%
- Veröffentlicht 22.05.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:01:09
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tendacn ≫ Ac6 Firmware Versionv15.03.05.19_multi_td01
Tendacn ≫ Ac9 Firmware Versionv15.03.05.19(6318)
Tendacn ≫ Ac15 Firmware Versionv15.03.05.19_multi_td01
Tendacn ≫ Ac18 Firmware Versionv15.03.05.19(6318)
Tendacn ≫ Ac9 Firmware Versionv15.03.06.42_multi
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.15% | 0.827 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.