CVE-2022-42080 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 has a heap overflow vulnerability.

An attacker can create a sched_start_time value to trigger a heap overflow by sending an integer value that is greater than the maximum value. If an application is configured to accept sched_start_time values of 0, 1, 2, 3, and 4, an attacker can craft a malicious data payload to cause a denial of service condition via a race condition.

This vulnerability is related to CVE-2018-9120 and has been assigned the identifier CVE-2018-9120.
This issue was addressed by not accepting sched_start_time values of 0, 1, 2, 3, and 4.

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 has an exploitable memory corruption vulnerability in the sched_set_cq_threshold() function due to improper validation of input values. An attacker can craft a malicious data payload to force the application to read memory beyond the end of the allocated buffer via a race condition. If an application is configured to accept a value of 0, 1, 2, 3, and 4 for the sched_set_cq_threshold function, an attacker can force an overflow and cause a denial of service condition via a race condition.

This issue was addressed by validating the input values of the sched_set_cq_threshold function.

Tenda AC1206 US_AC12

Tenda AC1206 US_AC12.0RTL_V15.03.06.23_multi_TD01

CVE-2022-42080
An attacker can craft a malicious data payload to cause a denial of service condition via a race condition. If an application is configured to accept sched_start_time values of 0, 1, 2, 3, and 4, an attacker can craft a malicious data payload to cause a denial of service condition via a race condition.
Tenda AC1206 US_AC12.0RTL_V15.03.06.23_multi_TD01 has an exploitable memory corruption vulnerability in the sched_set_cq_threshold() function due to improper validation of input values. An attacker can craft a malicious data payload to force the application to read memory beyond the end of the allocated buffer via a race condition. If an application is configured to accept a value of 0, 1, 2, 3, and 4 for the sched_set_cq_threshold function, an attacker can force an overflow and cause a denial of service condition via a race condition.

Tenda AC1206 US_AC12: Heap Based Vulnerability

The Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 has an exploitable heap-based vulnerability in the sched_set_cq_threshold() function due to improper validation of input values. An attacker can craft a malicious data payload to force the application to read memory beyond the end of the allocated buffer via a race condition, which could allow for arbitrary code execution by overwriting return addresses and so on. If an application is configured to accept a value of 0, 1, 2, 3, and 4 for the sched_set_cq_threshold function, an attacker can force an overflow and cause a denial of service condition via a race condition.

This issue was addressed by validating the input values of the sched_set_cq_threshold function.

Tenda AC1206 US_AC12 Firmware V15.00.00.02 and V15.03.06.23 have an exploitable memory corruption vu ability in the sched_set_cq_threshold() function due to improper validation of input values. An attacker can craft a malicious data payload to force the application to read memory beyond the end of the allocated buffer via a race condition. If an application is configured to accept a value of 0, 1, 2, 3, and 4 for the sched_set_cq_threshold function, an attacker can force an overflow and cause a denial of service condition via a race condition.


This issue was addressed by validating the input values of the sched_set_cq_threshold function.

Timeline

Published on: 10/12/2022 19:15:00 UTC
Last modified on: 10/14/2022 14:58:00 UTC

References