ID

VAR-202207-0021


CVE

CVE-2022-32039


TITLE

Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. m3 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-012783

DESCRIPTION

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. An out-of-bounds write vulnerability exists in the m3 firmware from Shenzhen Tenda Technology Co., Ltd., which may result in a service operation interruption (DoS) state. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability stems from the fact that the fromDhcpListClient function does not check the length of the input data supplied in the listN parameter. An attacker could exploit this vulnerability to cause a denial of service.

Trust: 2.25

sources: NVD: CVE-2022-32039 // JVNDB: JVNDB-2022-012783 // CNVD: CNVD-2022-56552 // VULMON: CVE-2022-32039

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-56552

AFFECTED PRODUCTS

vendor: tenda, model: m3, scope: eq, version: 1.0.0.12

Trust: 1.0

vendor: tenda, model: m3, scope: -, version: -

Trust: 0.8

vendor: tenda, model: m3, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: m3, scope: eq, version: m3 firmware 1.0.0.12

Trust: 0.8

vendor: tenda, model: m3, scope: eq, version: v1.0.0.12

Trust: 0.6

sources: CNVD: CNVD-2022-56552 // JVNDB: JVNDB-2022-012783 // NVD: CVE-2022-32039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32039
value: HIGH

Trust: 1.0

NVD: CVE-2022-32039
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-56552
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202207-275
value: HIGH

Trust: 0.6

VULMON: CVE-2022-32039
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-32039
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-56552
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-32039
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-32039
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-56552 // VULMON: CVE-2022-32039 // JVNDB: JVNDB-2022-012783 // CNNVD: CNNVD-202207-275 // NVD: CVE-2022-32039

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-012783 // NVD: CVE-2022-32039

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-275

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-275

EXTERNAL IDS

db: NVD, id: CVE-2022-32039

Trust: 3.9

db: JVNDB, id: JVNDB-2022-012783

Trust: 0.8

db: CNVD, id: CNVD-2022-56552

Trust: 0.6

db: CNNVD, id: CNNVD-202207-275

Trust: 0.6

db: VULMON, id: CVE-2022-32039

Trust: 0.1

sources: CNVD: CNVD-2022-56552 // VULMON: CVE-2022-32039 // JVNDB: JVNDB-2022-012783 // CNNVD: CNNVD-202207-275 // NVD: CVE-2022-32039

REFERENCES

url:https://github.com/d1tto/iot-vuln/tree/main/tenda/m3/fromdhcplistclient

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-32039

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-32039/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-56552 // VULMON: CVE-2022-32039 // JVNDB: JVNDB-2022-012783 // CNNVD: CNNVD-202207-275 // NVD: CVE-2022-32039

SOURCES

db: CNVD, id: CNVD-2022-56552
db: VULMON, id: CVE-2022-32039
db: JVNDB, id: JVNDB-2022-012783
db: CNNVD, id: CNNVD-202207-275
db: NVD, id: CVE-2022-32039

LAST UPDATE DATE

2024-08-14T14:37:27.787000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-56552, date: 2022-08-12T00:00:00
db: VULMON, id: CVE-2022-32039, date: 2022-07-12T00:00:00
db: JVNDB, id: JVNDB-2022-012783, date: 2023-09-01T08:15:00
db: CNNVD, id: CNNVD-202207-275, date: 2022-07-13T00:00:00
db: NVD, id: CVE-2022-32039, date: 2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-56552, date: 2022-08-12T00:00:00
db: VULMON, id: CVE-2022-32039, date: 2022-07-01T00:00:00
db: JVNDB, id: JVNDB-2022-012783, date: 2023-09-01T00:00:00
db: CNNVD, id: CNNVD-202207-275, date: 2022-07-01T00:00:00
db: NVD, id: CVE-2022-32039, date: 2022-07-01T18:15:09.207