CVE-2018-14492: Buffer Overflow
First published: Sat Jul 21 2018(Updated: )
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn Ac7 Firmware | <=15.03.06.44_cn | |
| Tendacn Ac7 | ||
| Tendacn Ac9 Firmware | <=v15.03.05.19\(6318\)_cn | |
| Tendacn Ac9 | ||
| Tendacn Ac10 Firmware | <=15.03.06.23_cn | |
| Tendacn Ac10 | ||
| Tendacn Ac15 Firmware | <=15.03.05.19_cn | |
| Tendacn Ac15 | ||
| Tendacn Ac18 Firmware | <=15.03.05.19\(6318\)_cn | |
| Tendacn Ac18 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Tenda AC7, AC9, and AC10 vulnerability?
The vulnerability ID for this Tenda AC7, AC9, and AC10 vulnerability is CVE-2018-14492.
What is the severity of CVE-2018-14492?
The severity of CVE-2018-14492 is high with a CVSS score of 7.5.
How does this vulnerability impact Tenda AC7, AC9, and AC10 devices?
This vulnerability allows an attacker to trigger a stack-based buffer overflow by sending a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI on Tenda AC7, AC9, and AC10 devices.
Which Tenda devices and firmware versions are affected by CVE-2018-14492?
Tenda AC7 devices with firmware up to and including V15.03.06.44_CN, AC9 devices with firmware up to and including V15.03.05.19(6318)_CN, and AC10 devices with firmware up to and including V15.03.06.23_CN are affected by CVE-2018-14492.
Are Tenda AC7, AC9, and AC10 devices vulnerable to CVE-2018-14492?
Yes, Tenda AC7, AC9, and AC10 devices are vulnerable to CVE-2018-14492 if they are running the affected firmware versions.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/tags
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/tendacn
- canonical/tendacn ac7 firmware
- version/tendacn ac7 firmware/15.03.06.44_cn
- canonical/tendacn ac7
- canonical/tendacn ac9 firmware
- version/tendacn ac9 firmware/v15.03.05.19\(6318\)_cn
- canonical/tendacn ac9
- canonical/tendacn ac10 firmware
- version/tendacn ac10 firmware/15.03.06.23_cn
- canonical/tendacn ac10
- canonical/tendacn ac15 firmware
- version/tendacn ac15 firmware/15.03.05.19_cn
- canonical/tendacn ac15
- canonical/tendacn ac18 firmware
- version/tendacn ac18 firmware/15.03.05.19\(6318\)_cn
- canonical/tendacn ac18