ID

VAR-202207-0251


CVE

CVE-2022-32385


TITLE

Out-of-bounds write vulnerability in Tenda AC23 AC2100 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-012762

DESCRIPTION

Tenda AC23 v16.03.07.44 is vulnerable to a stack overflow that allows remote execution of arbitrary code. An out-of-bounds write vulnerability exists in Tenda AC23 AC2100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda AC23 is a dual-band Gigabit wireless router from Tenda, China. The stack overflow in Tenda AC23 v16.03.07.44 stems from the lack of proper length validation in the WifiBasicSet function. An attacker could exploit this vulnerability to execute arbitrary code.

Trust: 2.25

sources: NVD: CVE-2022-32385 // JVNDB: JVNDB-2022-012762 // CNVD: CNVD-2022-51587 // VULMON: CVE-2022-32385

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-51587

AFFECTED PRODUCTS

vendor: tendacn, model: ac23 ac2100, scope: eq, version: 16.03.07.44

Trust: 1.0

vendor: tenda, model: ac23 ac2100, scope: eq, version: ac23 ac2100 firmware 16.03.07.44

Trust: 0.8

vendor: tenda, model: ac23 ac2100, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac23 ac2100, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: ac23, scope: eq, version: v16.03.07.44

Trust: 0.6

sources: CNVD: CNVD-2022-51587 // JVNDB: JVNDB-2022-012762 // NVD: CVE-2022-32385

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32385
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-32385
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-51587
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202207-446
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-32385
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-32385
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-51587
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-32385
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-32385
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-51587 // VULMON: CVE-2022-32385 // JVNDB: JVNDB-2022-012762 // CNNVD: CNNVD-202207-446 // NVD: CVE-2022-32385

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-012762 // NVD: CVE-2022-32385

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-446

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-446

EXTERNAL IDS

db: NVD, id: CVE-2022-32385

Trust: 3.9

db: JVNDB, id: JVNDB-2022-012762

Trust: 0.8

db: CNVD, id: CNVD-2022-51587

Trust: 0.6

db: CNNVD, id: CNNVD-202207-446

Trust: 0.6

db: VULMON, id: CVE-2022-32385

Trust: 0.1

sources: CNVD: CNVD-2022-51587 // VULMON: CVE-2022-32385 // JVNDB: JVNDB-2022-012762 // CNNVD: CNNVD-202207-446 // NVD: CVE-2022-32385

REFERENCES

url:http://tenda.com

Trust: 2.5

url:https://github.com/lugakki/vuln/blob/main/tenda%20ac23.pdf

Trust: 2.5

url:https://drive.google.com/file/d/1wyc9cbd3nw2bfbrhgcaaheyjk1g2a21y/view?usp=sharing

Trust: 2.5

url:http://ac23.com

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-32385

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-32385/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-51587 // VULMON: CVE-2022-32385 // JVNDB: JVNDB-2022-012762 // CNNVD: CNNVD-202207-446 // NVD: CVE-2022-32385

SOURCES

db: CNVD, id: CNVD-2022-51587
db: VULMON, id: CVE-2022-32385
db: JVNDB, id: JVNDB-2022-012762
db: CNNVD, id: CNNVD-202207-446
db: NVD, id: CVE-2022-32385

LAST UPDATE DATE

2024-08-14T15:11:24.670000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-51587, date: 2022-07-15T00:00:00
db: VULMON, id: CVE-2022-32385, date: 2022-07-13T00:00:00
db: JVNDB, id: JVNDB-2022-012762, date: 2023-09-01T08:15:00
db: CNNVD, id: CNNVD-202207-446, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2022-32385, date: 2022-07-13T18:26:21.943

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-51587, date: 2022-07-15T00:00:00
db: VULMON, id: CVE-2022-32385, date: 2022-07-06T00:00:00
db: JVNDB, id: JVNDB-2022-012762, date: 2023-09-01T00:00:00
db: CNNVD, id: CNNVD-202207-446, date: 2022-07-06T00:00:00
db: NVD, id: CVE-2022-32385, date: 2022-07-06T12:15:08.317