ID

VAR-202207-0222


CVE

CVE-2022-32386


TITLE

Tenda AC23 fromAdvSetMacMtuWan function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-51586

DESCRIPTION

Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. Tenda AC23 is a dual-band Gigabit wireless router from Tenda, China. A buffer overflow vulnerability exists in Tenda AC23 v16.03.07.44, which stems from the lack of proper validation of the length in the fromAdvSetMacMtuWan function. An attacker could exploit this vulnerability to execute arbitrary code.

Trust: 1.44

sources: NVD: CVE-2022-32386 // CNVD: CNVD-2022-51586

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-51586

AFFECTED PRODUCTS

vendor: tendacn, model: ac23 ac2100, scope: eq, version: 16.03.07.44

Trust: 1.0

vendor: tenda, model: ac23, scope: eq, version: v16.03.07.44

Trust: 0.6

sources: CNVD: CNVD-2022-51586 // NVD: CVE-2022-32386

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-32386
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2022-51586
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202207-444
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-32386
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-32386
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-51586
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2022-32386
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-51586 // VULMON: CVE-2022-32386 // CNNVD: CNNVD-202207-444 // NVD: CVE-2022-32386

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2022-32386

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-444

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-444

EXTERNAL IDS

db: NVD, id: CVE-2022-32386

Trust: 2.3

db: CNVD, id: CNVD-2022-51586

Trust: 0.6

db: CNNVD, id: CNNVD-202207-444

Trust: 0.6

db: VULMON, id: CVE-2022-32386

Trust: 0.1

sources: CNVD: CNVD-2022-51586 // VULMON: CVE-2022-32386 // CNNVD: CNNVD-202207-444 // NVD: CVE-2022-32386

REFERENCES

url:http://tenda.com

Trust: 1.7

url:https://github.com/lugakki/vuln/blob/main/tenda%20ac23.pdf

Trust: 1.7

url:http://ac23.com

Trust: 1.7

url:https://drive.google.com/file/d/1xptet10yjt9wclrit6ypdv5olp-u6dbr/view?usp=sharing

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-32386

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32386/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-51586 // VULMON: CVE-2022-32386 // CNNVD: CNNVD-202207-444 // NVD: CVE-2022-32386

SOURCES

db: CNVD, id: CNVD-2022-51586
db: VULMON, id: CVE-2022-32386
db: CNNVD, id: CNNVD-202207-444
db: NVD, id: CVE-2022-32386

LAST UPDATE DATE

2024-08-14T14:10:42.684000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-51586, date: 2022-07-15T00:00:00
db: VULMON, id: CVE-2022-32386, date: 2022-07-14T00:00:00
db: CNNVD, id: CNNVD-202207-444, date: 2022-07-15T00:00:00
db: NVD, id: CVE-2022-32386, date: 2022-07-14T01:00:17.753

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-51586, date: 2022-07-15T00:00:00
db: VULMON, id: CVE-2022-32386, date: 2022-07-06T00:00:00
db: CNNVD, id: CNNVD-202207-444, date: 2022-07-06T00:00:00
db: NVD, id: CVE-2022-32386, date: 2022-07-06T12:15:08.360