Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without limit.
References
Link | Resource |
---|---|
https://hackmd.io/Zb7lfFaNR0ScpaTssECFbg | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-14T14:52:09
Updated: 2021-04-14T14:52:09
Reserved: 2021-02-25T00:00:00
Link: CVE-2021-27705
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-14T15:15:13.970
Modified: 2021-04-20T21:43:49.410
Link: CVE-2021-27705
JSON object: View
Redhat Information
No data.
CWE