CVE-2020-22079 - OpenCVE

Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tendacn	Ac9 Ac10u Firmware Ac10u Ac9 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.48_multi_tde01:*:*:*:*:*:*:*

cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*

cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tendacn:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*

cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*

References

Link	Resource
https://cwe.mitre.org/data/definitions/121.html	Technical Description
https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11	Broken Link
https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-29T10:19:30

Updated: 2022-07-10T20:18:55

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-22079

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-29T11:15:08.310

Modified: 2022-10-26T13:55:15.213

Link: CVE-2020-22079

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-10T20:18:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cwe.mitre.org/data/definitions/121.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-22079", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cwe.mitre.org/data/definitions/121.html", "refsource": "MISC", "url": "https://cwe.mitre.org/data/definitions/121.html"}, {"name": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11", "refsource": "MISC", "url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"}, {"name": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md", "refsource": "MISC", "url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22079", "datePublished": "2021-10-29T10:19:30", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2022-07-10T20:18:55", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.48_multi_tde01:*:*:*:*:*:*:*", "matchCriteriaId": "79A5D098-A57A-4887-8FAD-6BC8D494C235", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFF286BB-A1D3-4E51-AB31-B5A531A8B440", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "matchCriteriaId": "155D1EC2-F6ED-4D3B-9C4D-CF3265BA80D0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*", "matchCriteriaId": "C41D8303-D9CC-4E43-9F6E-5185AD348DD3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."}, {"lang": "es", "value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en el router AC-10U AC1200 de Tenda versi\u00f3n US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro timeZone de goform/SetSysTimeCfg"}], "id": "CVE-2020-22079", "lastModified": "2022-10-26T13:55:15.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-29T11:15:08.310", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "https://cwe.mitre.org/data/definitions/121.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}