Details of VAR-201902-0926

ID

VAR-201902-0926

TITLE

Tenda AC9 router has multiple buffer overflow vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2019-00016

DESCRIPTION

Tenda AC9 router is a router produced by Shenzhen Lucky Tenda Technology Co., Ltd. The Tenda AC9 router has multiple buffer overflow vulnerabilities. The vulnerability stems from the fact that the length of the parameters of the http request is not limited in the background of the router. Attackers can use this vulnerability to hijack the control flow.

Trust: 0.6

sources: CNVD: CNVD-2019-00016

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-00016

AFFECTED PRODUCTS

vendor:

lucky tenda

model:

ac9 router

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2019-00016

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-00016
value:	LOW
Trust: 0.6

CNVD:	CNVD-2019-00016
severity:	LOW
baseScore:	1.4
vectorString:	AV:A/AC:H/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2019-00016

PATCH

title:

Tenda ac9v1.0 router has multiple buffer overflow vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/148027

Trust: 0.6

sources: CNVD: CNVD-2019-00016

EXTERNAL IDS

db:

CNVD

id:

CNVD-2019-00016

Trust: 0.6

sources: CNVD: CNVD-2019-00016

SOURCES

db:

CNVD

id:

CNVD-2019-00016

LAST UPDATE DATE

2022-05-04T09:28:46.059000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-00016

date:

2019-01-08T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2019-00016

date:

2019-02-06T00:00:00