ID
VAR-202207-0139
CVE
CVE-2022-32035
TITLE
Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware
Trust: 0.8
DESCRIPTION
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability stems from the fact that the url parameter of the formMasterMng function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
Trust: 2.25
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tenda | model: | m3 | scope: | eq | version: | 1.0.0.12 | Trust: 1.0 |
| vendor: | tenda | model: | m3 | scope: | eq | version: | m3 firmware 1.0.0.12 | Trust: 0.8 |
| vendor: | tenda | model: | m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | m3 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | m3 | scope: | eq | version: | v1.0.0.12 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer error
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-32035 | Trust: 3.9 |
| db: | JVNDB | id: | JVNDB-2022-012479 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2022-56548 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202207-279 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-32035 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/d1tto/iot-vuln/tree/main/tenda/m3/formmastermng | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32035 | Trust: 1.4 |
| url: | https://cxsecurity.com/cveshow/cve-2022-32035/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/119.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2022-56548 |
| db: | VULMON | id: | CVE-2022-32035 |
| db: | JVNDB | id: | JVNDB-2022-012479 |
| db: | CNNVD | id: | CNNVD-202207-279 |
| db: | NVD | id: | CVE-2022-32035 |
LAST UPDATE DATE
2024-08-14T15:27:14.513000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-56548 | date: | 2022-08-12T00:00:00 |
| db: | VULMON | id: | CVE-2022-32035 | date: | 2022-07-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-012479 | date: | 2023-08-30T08:18:00 |
| db: | CNNVD | id: | CNNVD-202207-279 | date: | 2022-10-21T00:00:00 |
| db: | NVD | id: | CVE-2022-32035 | date: | 2023-02-23T17:28:04.583 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-56548 | date: | 2022-08-12T00:00:00 |
| db: | VULMON | id: | CVE-2022-32035 | date: | 2022-07-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-012479 | date: | 2023-08-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-202207-279 | date: | 2022-07-01T00:00:00 |
| db: | NVD | id: | CVE-2022-32035 | date: | 2022-07-01T18:15:09.093 |