Lucene search

ZdiCVELIST:CVE-2021-35003

HistoryJan 21, 2022 - 3:45 p.m.

CVE-2021-35003

2022-01-2115:45:14

CWE-121

zdi

www.cve.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.014 Low

EPSS

Percentile

86.5%

JSON

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655.

CNA Affected

[
  {
    "product": "Archer C90",
    "vendor": "TP-Link",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.6 Build 20200114 rel.73164(5553)"
      }
    ]
  }
]

References

www.zerodayinitiative.com/advisories/ZDI-22-080/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for CVELIST:CVE-2021-35003