CVE-2020-28095

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
tendaac1200_firmware
15.03.06.51_multi:_multi
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cecada/Tenda-AC6-Root-Acces/blob/main/README.md
https://github.com/cecada/Tenda-AC6-Root-Acces/blob/main/README.md