CVE-2022-43029 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 stack overflow was discovered via the time parameter.

This application was found to have a large time value, which may have been due to user input, and may have been exploited via malicious code.
The first time this was discovered was on November 27, and patched on November 28. The second time this was discovered was on December 7, and patched on December 8. The last time this was discovered was on December 13, and patched on December 13.

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE02 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg.

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE03

This application was found to have a large time value, which may have been due to user input, and may have been exploited via malicious code.
The first time this was discovered was on November 27, and patched on November 28. The second time this was discovered was on December 7, and patched on December 8. The last time this was discovered was on December 13, and patched on December 13.
A vulnerability in Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE02 has been found that could allow remote code execution from an authenticated session with the admin interface as shown below:

Tenda TX3 US_TX3V2.0br_V16.03.13.11_multi_TDE04

The first time this was discovered was on November 27, and patched on December 8. The last time this was discovered was on December 13, and patched on December 13.

Timeline

Published on: 10/19/2022 19:15:00 UTC
Last modified on: 10/20/2022 16:54:00 UTC

References