CVE-2021-27705

Published: Apr 14, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without limit.

Affected (2)

Products: Tenda: G1 Firmware, G3 Firmware

2 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda G1 Firmware	Version v15.11.0.17(9502)_cn

Running on/with	Platform Versions
Tenda G1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda G3 Firmware	Version v15.11.0.17(9502)_cn

Running on/with	Platform Versions
Tenda G3	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://hackmd.io/Zb7lfFaNR0ScpaTssECFbg

Source: cve@mitre.org

ExploitThird Party Advisory

https://hackmd.io/Zb7lfFaNR0ScpaTssECFbg

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.