An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function. It is advised to update Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 immediately.
Another critical vulnerability was discovered in Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01. This vulnerability allows attackers to remotely execute a Code Injection Attack via a crafted request. An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function.
In addition Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 also has an out-of-bounds read vulnerability. This vulnerability allows attackers to remotely execute a Code Injection Attack via a crafted request. An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function.
Lastly Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 also has a stack buffer overflow vulnerability. This vulnerability allows attackers to remotely execute a Code Injection Attack via a crafted request. An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function.
Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 RCE and CSRF Vulnerabilities
Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 also has several vulnerabilities that allow attackers to execute remote code on the device via a request, which can lead to Code Injection Attacks and Cross-Site Request Forgery (CSRF) Attacks.
These vulnerabilities include:
CVE-2022-41482-Remote Code Execution Vulnerability
CVE-2022-41485-Code Injection Attack Vulnerability
CVE-2022-41526-Cross Site Scripting Attack Vulnerability
Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 Remote Code Execution and Stored XSS vulnerabili
Additionally, Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 has an out-of-bounds read vulnerability and a stack buffer overflow vulnerability. An attacker can exploit these vulnerabilities by sending a specially crafted request to the 0x47c5dc function.
Tenda AC1300 US_AC1300RTL_V15.03.06.51_multi_TDE01
Another critical vulnerability was discovered in Tenda AC1300 US_AC1300RTL_V15.03.06.51_multi_TDE01. This vulnerability allows attackers to remotely execute a Code Injection Attack via a crafted request. An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function.
In addition Tenda AC1300 US_AC1300RTL_V15.03.06.51_multi_TDE01 also has an out-of-bounds read vulnerability. This vulnerability allows attackers to remotely execute a Code Injection Attack via a crafted request. An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function.
Timeline
Published on: 10/13/2022 19:15:00 UTC
Last modified on: 10/18/2022 17:32:00 UTC