The vulnerability occurs when the system is processing a large amount of requests through the list parameter within a short period of time. This could be exploited by attackers to perform a denial-of-service attack on the application. /Vendor/Tenda/Tenda.Inject.Web/1.0/s/list/SetVirtualServerCfg/ The /Vendor/Tenda/Tenda.Inject.Web/1.0/s/list/SetVirtualServerCfg/ was discovered to have a stack overflow vulnerability. In most cases, the application does not permit requests with a large amount of parameters, but some applications permit large amounts of parameters, which may result in a stack overflow.
/Vendor/Tenda/Tenda.Inject.Web/1.0/s/form/SetVirtualServerCfg/ The /Vendor/Tenda/Tenda.Inject.Web/1.0/s/form/SetVirtualServerCfg/ was discovered to have a stack overflow vulnerability. In most cases, the application does not permit requests with a large amount of parameters, but some applications permit large amounts of parameters, which may result in a stack overflow.
Security Risk:
The vulnerability is a security risk due to the lack of input validation in the application. The application does not validate any input, which allows for attackers to cause a denial-of-service attack on the system or perform other actions that could crash the system.
According to CVE, these vulnerabilities are related to known vulnerabilities with Tenda routers and primarily target those who use Tenda devices.
Vulnerable software: Tenda Router
CVE-2023-43033
The vulnerability occurs when the system is processing a large amount of requests through the list parameter within a short period of time. This could be exploited by attackers to perform a denial-of-service attack on the application. /Vendor/Tenda/Tenda.Inject.Web/1.0/s/list/SetVirtualServerCfg/ The /Vendor/Tenda/Tenda.Inject.Web/1.0/s/list/SetVirtualServerCfg/ was discovered to have stack overflow vulnerability in most cases, with no protection mechanism in place against such attacks and a large amount of parameters processed by this method within a short period of time which may result in a stack overflow.
The CVE vulnerabilities discussed above are whitelisted for release for public disclosure on July 01, 2019, due to the severity and threat potential associated with these vulnerabilities
Timeline
Published on: 10/19/2022 19:15:00 UTC
Last modified on: 10/20/2022 16:55:00 UTC