CVE-2022-25431Out-of-bounds Write in AC9 Firmware

CWE-787Out-of-bounds WriteCWE-77Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 37.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda AC9 Firmware
Timeline
PublishedMar 18
Latest updateMar 19

Description

Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtenda/ac9_firmware15.03.2.21

🔴Vulnerability Details

2
GHSA
GHSA-p7h6-qwqp-xgq8: Tenda AC9 v152022-03-19
CVEList
CVE-2022-25431: Tenda AC9 v152022-03-18
CVE-2022-25431 — Out-of-bounds Write in Tenda | cvebase