CVE-2022-28556 | SynScan

Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2022-28556

Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971

Published: May 4, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-28556
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

Affected Software
References

Software	From	Fixed in
tenda / ac15_firmware	15.03.05.20_multi_tde01	15.03.05.20_multi_tde01.x

https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md