CVE-2020-22079

Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.

Published: Oct 29, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-22079
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
tendacn / ac10u_firmware	15.03.06.48_multi_tde01	15.03.06.48_multi_tde01.x
tendacn / ac9_firmware	15.03.05.19(6318)	15.03.05.19(6318).x
tendacn / ac9_firmware	15.03.06.42_multi	15.03.06.42_multi.x

https://cwe.mitre.org/data/definitions/121.html
https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11
https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md

Vulnerability Database

290,020

CVE-2020-22079