Lucene search

[email protected]NVD:CVE-2020-28095

HistoryDec 30, 2020 - 9:15 p.m.

CVE-2020-28095

2020-12-3021:15:12

CWE-835

[email protected]

web.nvd.nist.gov

tenda ac1200

router crash

http post

change password api

security vulnerability

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

49.8%

JSON

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.

Affected configurations

Nvd

Node

tendaac1200_firmwareMatch15.03.06.51_multi

AND

tendaac1200Matchac6

VendorProductVersionCPE
tendaac1200_firmware15.03.06.51_multicpe:2.3:o:tenda:ac1200_firmware:15.03.06.51_multi:*:*:*:*:*:*:*
tendaac1200ac6cpe:2.3:h:tenda:ac1200:ac6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	ac1200_firmware	15.03.06.51_multi	cpe:2.3:o:tenda:ac1200_firmware:15.03.06.51_multi:::::::*
tenda	ac1200	ac6	cpe:2.3:h:tenda:ac1200:ac6:::::::*

References

github.com/cecada/Tenda-AC6-Root-Acces/blob/main/README.md

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

49.8%

JSON

Related for NVD:CVE-2020-28095

checkpoint_advisories1 cvelist1 prion1 cve1