CVE-2020-22079Out-of-bounds Write in Ac10u Firmware

CWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
6.6%
top 8.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tendacn Ac10u FirmwareTendacn AC9 Firmware
Timeline
PublishedOct 29
Latest updateMay 24

Description

Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDtendacn/ac9_firmware15.03.05.19\(6318\), 15.03.06.42_multi+1
NVDtendacn/ac10u_firmware15.03.06.48_multi_tde01

🔴Vulnerability Details

2
GHSA
GHSA-6w98-944g-gpp5: Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV12022-05-24
CVEList
CVE-2020-22079: Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV12021-10-29
CVE-2020-22079 — Out-of-bounds Write in Ac10u Firmware | cvebase