Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2021-46394
HistoryMar 04, 2022 - 2:15 p.m.

Stack overflow

2022-03-0414:15:00
PRIOn knowledge base
www.prio-n.com
4

9.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.5%

JSON

There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.

CPENameOperatorVersion
ax3_firmwareeq16.03.12.10

Related

cnvd 1
cvelist 1
nvd 1
cve 1
checkpoint_advisories 1
cnvd
cnvd
Tenda-AX3 Buffer Overflow Vulnerability (CNVD-2022-20157)
2022-03-08 00:00:00
cvelist
cvelist
CVE-2021-46394
2022-03-04 13:05:00
nvd
nvd
CVE-2021-46394
2022-03-04 14:15:07
cve
cve
CVE-2021-46394
2022-03-04 14:15:07
checkpoint_advisories
checkpoint_advisories
Tenda AX3 Router Buffer Overflow (CVE-2021-46393; CVE-2021-46394)
2022-03-30 00:00:00

9.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.5%

JSON
Related for PRION:CVE-2021-46394
cnvd1cvelist1nvd1cve1checkpoint_advisories1