CVE-2020-13394
Published May 22, 2020
Last updated 4 years ago
Overview
- Description
- An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-120
Social media
- Hype score
- Not currently trending
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5" } ], "operator": "OR" } ], "operator": "AND" } ]