An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function. It is advised to update Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 immediately.

Another critical vulnerability was discovered in Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01. This vulnerability allows attackers to remotely execute a Code Injection Attack via a crafted request. An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function.

In addition Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 also has an out-of-bounds read vulnerability. This vulnerability allows attackers to remotely execute a Code Injection Attack via a crafted request. An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function.

Lastly Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 also has a stack buffer overflow vulnerability. This vulnerability allows attackers to remotely execute a Code Injection Attack via a crafted request. An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function.

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 RCE and CSRF Vulnerabilities

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 also has several vulnerabilities that allow attackers to execute remote code on the device via a request, which can lead to Code Injection Attacks and Cross-Site Request Forgery (CSRF) Attacks.

These vulnerabilities include:
CVE-2022-41482-Remote Code Execution Vulnerability
CVE-2022-41485-Code Injection Attack Vulnerability
CVE-2022-41526-Cross Site Scripting Attack Vulnerability

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 Remote Code Execution and Stored XSS vulnerabili

Additionally, Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 has an out-of-bounds read vulnerability and a stack buffer overflow vulnerability. An attacker can exploit these vulnerabilities by sending a specially crafted request to the 0x47c5dc function.

Tenda AC1300 US_AC1300RTL_V15.03.06.51_multi_TDE01

Another critical vulnerability was discovered in Tenda AC1300 US_AC1300RTL_V15.03.06.51_multi_TDE01. This vulnerability allows attackers to remotely execute a Code Injection Attack via a crafted request. An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function.

In addition Tenda AC1300 US_AC1300RTL_V15.03.06.51_multi_TDE01 also has an out-of-bounds read vulnerability. This vulnerability allows attackers to remotely execute a Code Injection Attack via a crafted request. An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function.

Timeline

Published on: 10/13/2022 19:15:00 UTC
Last modified on: 10/18/2022 17:32:00 UTC

References