Heap overflow
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post...
Multiple Tenda products httpd buffer overflow vulnerability (CNVD-2019-01884)
Tenda AC7 and others are wireless router products from Tenda in China. httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products, which can be exploited by an attacker to cause a denial of service or overwrite the return address of a functi...
CVE-2018-18731
CVE-2018-18731 affects Tenda AC7/AC9/AC10/AC15/AC18 devices (versions listed in initial documents) where a buffer overflow exists in the router’s httpd web server. During processing of the POST parameter 'deviceMac', the value is used directly in sprintf to a stack variable, which can override th...
CVE-2018-18729
Affected devices are Tenda routers AC7 (V15.03.06.44_CN), AC9 (V15.03.05.19(6318)_CN), AC10 (V15.03.06.23_CN), AC15 (V15.03.05.19_CN), and AC18 (V15.03.05.19(6318)_CN). The issue is a heap-based buffer overflow in the router web server (httpd). During processing of the mac parameter for a POST re...
CVE-2018-18732
The CVE-2018-18732 issue affects Tenda AC7 (V15.03.06.44_CN), AC9 (V15.03.05.19(6318)_CN), AC10 (V15.03.06.23_CN), AC15 (V15.03.05.19_CN), and AC18 (V15.03.05.19(6318)_CN) devices. A buffer overflow exists in the router web server (httpd) triggered while processing the ntpServer parameter in a PO...
CVE-2018-18708
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function...
CVE-2018-18708
The CVE-2018-18708 vulnerability affects Tenda routers (AC7, AC9, AC10, AC15, AC18 with CN firmware). It is a buffer overflow in the httpd web server triggered by the page parameter in fromAddressNat during a POST request, where the value is passed to sprintf into a stack local variable, potentia...
CVE-2018-18709
CVE-2018-18709 affects Tenda AC7 (V15.03.06.44_CN), AC9 (V15.03.05.19(6318)_CN), AC10 (V15.03.06.23_CN), AC15 (V15.03.05.19_CN), and AC18 (V15.03.05.19(6318)_CN) devices. The issue is a buffer overflow in the router’s web server (httpd): during processing of the POST parameter firewallEn, the val...
[SECURITY] Fedora 27 Update: mod_http2-1.11.1-1.fc27
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...
Apache Httpd < 2.4.38 : DoS for HTTP/2 connections via slow request bodies
By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...
[SECURITY] Fedora 28 Update: mod_http2-1.11.1-1.fc28
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...
ADB Epicentro Buffer Overflow Vulnerability (CNVD-2018-20873)
ADB Epicentro is a set of firmware used in ADB gateway and router devices from ADB Switzerland. httpd is one of the HTTP servers. A buffer overflow vulnerability exists in httpd in ADB Epicentro version E7.3.2+. A remote attacker could exploit this vulnerability to execute code with the help of a...
CVE-2018-7631
Buffer Overflow in httpd in EpiCentro E7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication...
CVE-2018-7632
Buffer Overflow in httpd in EpiCentro E7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL...
Buffer overflow
Buffer Overflow in httpd in EpiCentro E7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL...
CVE-2018-7632
CVE-2018-7632 concerns the httpd component of EpiCentro firmware (E_7.3.2+). The vulnerability is a buffer overflow triggered by a remote attacker sending a specially crafted GET request whose URL begins with a leading ‘/’. The consequence documented is a denial of service. Exploitation details, ...
CVE-2018-7631
CVE-2018-7631 involves a buffer overflow in the httpd component of EpiCentro firmware (E_7.3.2+) that allows remote code execution via a specially crafted GET request lacking a leading '/' and without authentication. Multiple connected sources corroborate the issue, describing an RCE risk tied to...