CVE-2022-43024 Tenda TX3 US_TX3V1.0 was discovered to have a stack overflow vulnerability with the list parameter.

The vulnerability occurs when the system is processing a large amount of requests through the list parameter within a short period of time. This could be exploited by attackers to perform a denial-of-service attack on the application. /Vendor/Tenda/Tenda.Inject.Web/1.0/s/list/SetVirtualServerCfg/ The /Vendor/Tenda/Tenda.Inject.Web/1.0/s/list/SetVirtualServerCfg/ was discovered to have a stack overflow vulnerability. In most cases, the application does not permit requests with a large amount of parameters, but some applications permit large amounts of parameters, which may result in a stack overflow.

/Vendor/Tenda/Tenda.Inject.Web/1.0/s/form/SetVirtualServerCfg/ The /Vendor/Tenda/Tenda.Inject.Web/1.0/s/form/SetVirtualServerCfg/ was discovered to have a stack overflow vulnerability. In most cases, the application does not permit requests with a large amount of parameters, but some applications permit large amounts of parameters, which may result in a stack overflow.

Security Risk:

The vulnerability is a security risk due to the lack of input validation in the application. The application does not validate any input, which allows for attackers to cause a denial-of-service attack on the system or perform other actions that could crash the system.

According to CVE, these vulnerabilities are related to known vulnerabilities with Tenda routers and primarily target those who use Tenda devices.

Vulnerable software: Tenda Router

CVE-2023-43033

The vulnerability occurs when the system is processing a large amount of requests through the list parameter within a short period of time. This could be exploited by attackers to perform a denial-of-service attack on the application. /Vendor/Tenda/Tenda.Inject.Web/1.0/s/list/SetVirtualServerCfg/ The /Vendor/Tenda/Tenda.Inject.Web/1.0/s/list/SetVirtualServerCfg/ was discovered to have stack overflow vulnerability in most cases, with no protection mechanism in place against such attacks and a large amount of parameters processed by this method within a short period of time which may result in a stack overflow.

The CVE vulnerabilities discussed above are whitelisted for release for public disclosure on July 01, 2019, due to the severity and threat potential associated with these vulnerabilities

Timeline

Published on: 10/19/2022 19:15:00 UTC
Last modified on: 10/20/2022 16:55:00 UTC

References