ID
VAR-202207-0177
CVE
CVE-2022-32043
TITLE
Shenzhen Tenda Technology Co.,Ltd. of m3 Out-of-bounds write vulnerability in firmware
Trust: 0.8
DESCRIPTION
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. Shenzhen Tenda Technology Co.,Ltd. of m3 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. The vulnerability originates from the fact that the info parameter of the formSetAccessCodeInfo function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack
Trust: 2.25
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tenda | model: | m3 | scope: | eq | version: | 1.0.0.12 | Trust: 1.0 |
| vendor: | tenda | model: | m3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | m3 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | m3 | scope: | eq | version: | m3 firmware 1.0.0.12 | Trust: 0.8 |
| vendor: | tenda | model: | m3 | scope: | eq | version: | v1.0.0.12 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-32043 | Trust: 3.9 |
| db: | JVNDB | id: | JVNDB-2022-012780 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2022-56549 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202207-272 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-32043 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/d1tto/iot-vuln/tree/main/tenda/m3/formsetaccesscodeinfo | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32043 | Trust: 1.4 |
| url: | https://cxsecurity.com/cveshow/cve-2022-32043/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/770.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2022-56549 |
| db: | VULMON | id: | CVE-2022-32043 |
| db: | JVNDB | id: | JVNDB-2022-012780 |
| db: | CNNVD | id: | CNNVD-202207-272 |
| db: | NVD | id: | CVE-2022-32043 |
LAST UPDATE DATE
2024-08-14T15:21:45.857000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-56549 | date: | 2022-08-12T00:00:00 |
| db: | VULMON | id: | CVE-2022-32043 | date: | 2022-07-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-012780 | date: | 2023-09-01T08:15:00 |
| db: | CNNVD | id: | CNNVD-202207-272 | date: | 2022-07-13T00:00:00 |
| db: | NVD | id: | CVE-2022-32043 | date: | 2023-08-08T14:21:49.707 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-56549 | date: | 2022-08-12T00:00:00 |
| db: | VULMON | id: | CVE-2022-32043 | date: | 2022-07-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-012780 | date: | 2023-09-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-202207-272 | date: | 2022-07-01T00:00:00 |
| db: | NVD | id: | CVE-2022-32043 | date: | 2022-07-01T18:15:09.320 |