Vulnerability CVE-2017-9139


Published: 2017-05-21

Description:
There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds.

CVSS2 => (AV:A/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.7/10
2.9/10
5.1/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Tendacn -> F1202 firmware 
Tendacn -> F1200 firmware 
Tendacn -> Fh1202 firmware 

 References:
http://www.tendacn.com/en/2017.html

Copyright 2020, cxsecurity.com

 

Back to Top