CVE-2022-28556Allocation of Resources Without Limits or Throttling in Ac15 Firmware

CWE-770Allocation of Resources Without Limits or Throttling3 documents3 sources
Severity
7.5HIGHNVD
CNA9.8
EPSS
0.4%
top 42.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda Ac15 Firmware
Timeline
PublishedMay 4
Latest updateMay 5

Description

Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDtenda/ac15_firmware15.03.05.20_multi_tde01

🔴Vulnerability Details

2
GHSA
GHSA-942j-wgv7-6vhf: Tenda AC15 US_AC15V12022-05-05
CVEList
CVE-2022-28556: Tenda AC15 US_AC15V12022-05-04
CVE-2022-28556 — Tenda Ac15 Firmware vulnerability | cvebase