This issue was discovered during fuzzing of the Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 application. A remote attacker could exploit this vulnerability to execute arbitrary code with root privileges. Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is prone to a stack overflow vulnerability. This issue results from the lack of validation of user-supplied data, which can lead to a stack buffer overflow and allow the execution of arbitrary code. This vulnerability can be exploited through malicious or compromised websites or applications. An attacker can leverage vulnerabilities in applications to perform phishing and privilege escalation, including by sending a malicious link via a social network or via email.

CVE-2017-2688 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is prone to an integer overflow vulnerability. The code of Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 does not handle integer overflow properly, which may lead to a buffer overflow or other memory corruption. Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 Indentation Bypass

CVE-2017-2689 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 contains a vulnerability caused by the lack of security restrictions on the crtbegin/crdend routines, which could allow an attacker to overwrite memory when an application uses both functions in close succession, resulting in arbitrary code execution with root privileges. Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is prone to a stack overflow vulnerability due to the lack of validation of user-supplied data, which can lead to a stack buffer overflow, allowing the execution of arbitrary code by an attacker who has access to the targeted system.

Vulnerability summary

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is prone to two vulnerabilities: a stack overflow vulnerability and an integer overflow vulnerability.

Timeline

Published on: 10/12/2022 19:15:00 UTC
Last modified on: 10/14/2022 14:58:00 UTC

References