Tenda i9 v1.0.0.8(3828) is vulnerable when using CGI programs and when using the static method.
A race condition exists when using the static method. The session cookie of an attacker-controlled backend server is stored in the session variable. The insecure usage of the session variable can be exploited to cause a Denial of Service (DoS).

Tenda i9 v1.0.0.8(3828) CGI Usage Vulnerability

CGI programs are affected because of an exploitable race condition. The CGI program attempts to parse a malicious link and crashes while parsing it. As a result, an attacker could cause a Denial of Service (DoS) by exploiting this vulnerability.

Vulnerable when using CGI programs

This vulnerability can be exploited when a user visits a malicious link or opens an attacker-controlled file on the system. Vulnerable systems will crash when parsing a malicious link or when opening a file that an attacker has access to. To reduce the risk of exploitation, end users should avoid clicking on links in emails or opening attachments in messages when working on systems that are connected to the Internet.

Timeline

Published on: 09/23/2022 19:15:00 UTC
Last modified on: 09/27/2022 03:56:00 UTC
