CVE-2022-28556

EUVD-2022-32998
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
tendaac15_firmware
15.03.05.20_multi_tde01:_multi_tde01
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md
https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md