Details of VAR-202105-1597

ID

VAR-202105-1597

TITLE

Multiple Tenda routers have binary vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2021-29172

DESCRIPTION

Tenda AC series is a wireless router product of China Tenda (Tenda) company. Many Tenda routers have binary vulnerabilities. Attackers can construct specific ‘timeZone’ parameters to execute arbitrary code using this vulnerability.

Trust: 0.6

sources: CNVD: CNVD-2021-29172

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-29172

AFFECTED PRODUCTS

vendor:	tenda	model:	ac5 v1.0rtl v15.03.06.28 multi td01	scope:	-	version:	-	Trust: 0.6
vendor:	tenda	model:	ac6 v2.0 v15.03.06.23 multi	scope:	-	version:	-	Trust: 0.6
vendor:	tenda	model:	ac7 v1.0 v15.03.06.44 multi td01	scope:	-	version:	-	Trust: 0.6
vendor:	tenda	model:	ac9 v3.0 v15.03.06.42 multi td01	scope:	-	version:	-	Trust: 0.6
vendor:	tenda	model:	ac15 v1.0br v15.03.05.18 multi td01	scope:	-	version:	-	Trust: 0.6
vendor:	tenda	model:	ac15 v1.0br v15.03.05.19 multi td01	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-29172

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-29172
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2021-29172
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-29172

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-29172

Trust: 0.6

sources: CNVD: CNVD-2021-29172

SOURCES

db:

CNVD

id:

CNVD-2021-29172

LAST UPDATE DATE

2022-05-04T10:21:13.321000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-29172

date:

2021-04-19T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-29172

date:

2021-05-20T00:00:00