CVE-2022-40868Out-of-bounds Write in W20e Firmware

CWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 35.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda W20e Firmware
Timeline
PublishedSep 23
Latest updateSep 25

Description

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtenda/w20e_firmware15.11.0.6

🔴Vulnerability Details

2
GHSA
GHSA-4rrx-m76x-mwvv: Tenda W20E router V152022-09-25
CVEList
CVE-2022-40868: Tenda W20E router V152022-09-23