An attacker can send a specially crafted HTTP request to the affected device, causing the device to crash.

Another critical issue found in Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 is a stack-based buffer overflow in the OpenSSL library. This vulnerability allows remote attackers to cause a Denial of Service (DoS) via a large amount of data sent in maliciously crafted SSL/TLS messages.

These issues have been assigned Common Vulnerability Scoring System (CVSS) values between 4 and 6, which indicate critical vulnerabilities.
In addition to the critical vulnerabilities, Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 is also vulnerable to a number of medium severity issues, including remote code execution and information disclosure.
These issues have been assigned CVSS values between 3 and 5, which indicate medium severity vulnerabilities.

CVE-2018-12925: A remote code execution vulnerability exists in Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 due to insecure handling of user input. An attacker can exploit this vulnerability to execute code in the context of the affected Tenda AC1200 US_AC6

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 Software Amenities

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 software is affected by a number of vulnerabilities. These include a stack-based buffer overflow that can be exploited to cause a Denial of Service (DoS) via a large amount of data sent in maliciously crafted SSL/TLS messages, and an information disclosure vulnerability that can be exploited to obtain sensitive information, including private keys and plaintext HTTP requests.
An attacker could exploit these vulnerabilities to obtain sensitive information such as private keys or plaintext HTTP requests from the affected device and use it for malicious purposes.

How to Use this Guide

This guide will assist you in determining whether your product is affected by these vulnerabilities. If you cannot find your model listed, try searching for it using the Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 name or a CVE identifier (e.g., CVE-2018-12925).
If the product you are using is listed, review the associated CVSS score and determine whether it is critical, medium, or low severity based on the CVSS classification system. If a vulnerability in your product has been identified, be sure to follow the instructions for mitigating these vulnerabilities and learn how to report these issues to Tenda.

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 Authentication Bypass

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 allows remote attackers to bypass authentication, via the "admin" account, by sending a "POST /login.cgi?bad=%20

Timeline

Published on: 10/13/2022 19:15:00 UTC
Last modified on: 11/04/2022 19:57:00 UTC
