CVE-2022-45995

Published: Jan 5, 2023Modified: Apr 10, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.

Affected (1)

Products: Tenda: Ax12 Firmware

Tenda

1 product

Ax12 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ax12 Firmware	Version 22.03.01.21_cn

Running on/with	Platform Versions
Tenda Ax12	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://github.com/bugfinder0/public_bug/tree/main/tenda/ax12/1

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/bugfinder0/public_bug/tree/main/tenda/ax12/1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.