Published: 02/09/2018 Updated: 25/10/2018

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

An issue exists on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tendacn ac18_firmware
tendacn ac15_firmware 15.03.05.19
tendacn ac10_firmware 15.03.06.23
tendacn ac9_firmware 15.03.05.19
tendacn ac7_firmware 15.03.06.44

Iot-vulhub 自建镜像版

iotvulhub自建镜像使用指南本项目根据 firmianay/IoT-vulhub 进行加工，原作者删除了 dockerhub 中的镜像，我在本地构建后重新上传 iotvulhub自建镜像使用指南目前可用镜像提交镜像方法准备工作部分漏洞复现 TP-Link WR841N 栈溢出漏洞（CVE-2020-8423） Tenda AC15 栈溢出漏洞（CVE-2018-16333）遇到�

CWE-119 https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md https://nvd.nist.gov https://github.com/kal1x/iotvulhub

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-16333

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect