CVE-2022-41480 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 has a buffer overflow in the 0x475dc function.

To exploit this vulnerability, an attacker would send a specially crafted HTTP request to the targeted Tenda WiFi device. An example of such a request can be found below.

GET /cgi/cmd.cgi?cmd=getinfo&id=0&format=json HTTP/1.1 Host: 192.168.1.100 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/63.0.3239.84 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.1 Accept-Encoding: gzip, deflate Referer: http://192.168.1.100/cgi/main.html Cookie: PHPSESSID=12f754510d4a4f3b3faed0b2c8fda9 Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Upon receiving this request, the Tenda WiFi device will crash and a DoS condition will be achieved. The device will halt any ongoing processing and halt any ongoing HTTP requests, thus resulting in a complete Denial of Service. End users should be on the lookout for such activities and ensure proper mitigations are in

Products Affected

Tenda WiFi devices are impacted by this vulnerability.

Vulnerability Details

The vulnerability affects the Tenda WiFi device running firmware version 1.7.0. If the vulnerable device is connected to the internet, an attacker can exploit this vulnerability in order to conduct a Denial of Service attack on that device by sending a specially crafted HTTP request to it. This attack specifically targets devices running these particular versions of the Tenda WiFi firmware:
•Tenda W322U-2
•Tenda W111U-F1
•Tenda W303R-E1

In order to exploit this vulnerability, an attacker would need to send a malicious HTTP request which would crash the affected device and cause a Denial of Service condition on it. The following provides an example of such a request:
GET /cgi/cmd.cgi?cmd=getinfo&id=0&format=json HTTP/1.1 Host: 192.168.1.100 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/63.0.3239.84 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.1 Accept-Encoding: gzip, deflate Referer: http://192.168.1.100/cgi/main.html Cookie

Timeline

Published on: 10/13/2022 19:15:00 UTC
Last modified on: 10/18/2022 17:32:00 UTC

References

• https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47c5dc%20-%20name.md
• https://www.tendacn.com/download/detail-3794.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41480