Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2020-13393

Published: 22/05/2020 Updated: 27/05/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Ac6 Firmware

Vulnerability Summary

An issue exists on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

tendacn ac6_firmware v15.03.05.19_multi_td01

tendacn ac9_firmware v15.03.05.19\\(6318\\)

tendacn ac15_firmware v15.03.05.19_multi_td01

tendacn ac18_firmware v15.03.05.19\\(6318\\)

tendacn ac9_firmware v15.03.06.42_multi

References

CWE-120https://joel-malwarebenchmark.github.iohttps://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28254CVE-2024-32515CVE-2024-21338validationCVE-2024-32522dosCVE-2024-2101CVE-2024-21107elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook