CVE-2021-46393

Severity: 9.8 CRITICAL
EPSS: 3.5% (top 12.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Mar 4
Latest update: Mar 5

Description

There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is retrieved directly from the HTTP request parameter startIp. v10 is then written onto the stack by the function sscanf without any security check, which causes a stack overflow. By POSTing to the page /goform/SetPptpServerCfg with a suitable startIp value, an attacker can easily perform remote code execution with carefully crafted overflow data.
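The root cause described above is an sscanf call that copies a request parameter into fixed-size stack storage with no bound. As an added example (not Tenda firmware code and not part of the original record), this is one way to parse a startIp value defensively; the helper name parse_start_ip, the dotted-quad format and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define IPV4_TEXT_MAX 15 /* strlen("255.255.255.255") */

/* Hypothetical helper (not firmware code): validate a startIp form value.
 * Returns 0 and fills out[4] on success, -1 if the value is rejected. */
int parse_start_ip(const char *param, unsigned char out[4])
{
    char part[4][4];          /* three digits + NUL per octet */
    size_t len = 0;
    int consumed = 0;

    if (param == NULL)
        return -1;
    /* Bound the length before any parsing touches the data. */
    while (len <= IPV4_TEXT_MAX && param[len] != '\0')
        len++;
    if (len > IPV4_TEXT_MAX)
        return -1;
    /* Every conversion carries a field width, so sscanf cannot write past
     * part[i]; %n records how much input was consumed. */
    if (sscanf(param, "%3[0-9].%3[0-9].%3[0-9].%3[0-9]%n",
               part[0], part[1], part[2], part[3], &consumed) != 4)
        return -1;
    if ((size_t)consumed != len)   /* trailing bytes after the address */
        return -1;
    for (int i = 0; i < 4; i++) {
        long v = strtol(part[i], NULL, 10);
        if (v > 255)
            return -1;
        out[i] = (unsigned char)v;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "192.168.10.100", "192.168.10.100AAAAAAAAAAAAAAAA",
                              "1.2.3.4x", "999.1.1.1", "1.2.3" };
    unsigned char ip[4];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s -> %s\n", samples[i],
               parse_start_ip(samples[i], ip) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The same two rules apply when auditing similar handlers: every %s or %[ conversion needs an explicit field width smaller than its destination, and the handler should reject input that is not fully consumed.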

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 1 package

NVD: tenda/ax3_firmware 16.03.12.10

Vulnerability Details (2)

GHSA (2022-03-05): GHSA-ch3h-mp89-prf7: There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16
CVEList (2022-03-04): CVE-2021-46393: There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16