Details of VAR-202211-1291

ID

VAR-202211-1291

CVE

CVE-2022-44163

TITLE

Tenda AC21 formSetMacFilterCfg function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-87030

DESCRIPTION

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. Tenda AC21 is a wireless router made by China Tenda Company. The vulnerability comes from the fact that its formSetMacFilterCfg function does not check the length of the input data. Attackers can exploit the vulnerability to cause denial of service

Trust: 1.44

sources: NVD: CVE-2022-44163 // CNVD: CNVD-2022-87030

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-87030

AFFECTED PRODUCTS

vendor:	tenda	model:	ac21	scope:	eq	version:	16.03.08.15	Trust: 1.0
vendor:	tenda	model:	ac21	scope:	eq	version:	v16.03.08.15	Trust: 0.6

sources: CNVD: CNVD-2022-87030 // NVD: CVE-2022-44163

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-44163
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-44163
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-87030
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202211-3201
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2022-87030
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-44163
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2022-87030 // CNNVD: CNNVD-202211-3201 // NVD: CVE-2022-44163 // NVD: CVE-2022-44163

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2022-44163

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3201

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202211-3201

EXTERNAL IDS

db:	NVD	id:	CVE-2022-44163	Trust: 2.2
db:	CNVD	id:	CNVD-2022-87030	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-3201	Trust: 0.6

sources: CNVD: CNVD-2022-87030 // CNNVD: CNNVD-202211-3201 // NVD: CVE-2022-44163

REFERENCES

url:	https://drive.google.com/file/d/1jmwnxvkc-hfsiudnapgx_exbytcalssk/view?usp=sharing	Trust: 2.2
url:	https://cxsecurity.com/cveshow/cve-2022-44163/	Trust: 0.6

sources: CNVD: CNVD-2022-87030 // CNNVD: CNNVD-202211-3201 // NVD: CVE-2022-44163

SOURCES

db:	CNVD	id:	CNVD-2022-87030
db:	CNNVD	id:	CNNVD-202211-3201
db:	NVD	id:	CVE-2022-44163

LAST UPDATE DATE

2025-04-30T02:52:43.170000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-87030	date:	2022-12-12T00:00:00
db:	CNNVD	id:	CNNVD-202211-3201	date:	2022-12-15T00:00:00
db:	NVD	id:	CVE-2022-44163	date:	2025-04-29T16:15:26.903

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-87030	date:	2022-12-08T00:00:00
db:	CNNVD	id:	CNNVD-202211-3201	date:	2022-11-21T00:00:00
db:	NVD	id:	CVE-2022-44163	date:	2022-11-21T16:15:25.910