CVE-2020-13391: Buffer Overflow
First published: Fri May 22 2020(Updated: )
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn Ac6 Firmware | =v15.03.05.19_multi_td01 | |
| Tendacn Ac6 | =1.0 | |
| Tendacn Ac9 Firmware | =v15.03.05.19\(6318\) | |
| Tendacn Ac9 | =1.0 | |
| Tendacn Ac15 Firmware | =v15.03.05.19_multi_td01 | |
| Tendacn Ac15 | =1.0 | |
| Tendacn Ac18 Firmware | =v15.03.05.19\(6318\) | |
| Tendacn Ac18 | ||
| Tendacn Ac9 Firmware | =v15.03.06.42_multi | |
| Tendacn Ac9 | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-13391?
CVE-2020-13391 is a buffer overflow vulnerability in the web server of Tenda AC6, AC9, AC15, and AC18 devices.
What is the severity of CVE-2020-13391?
CVE-2020-13391 has a severity rating of 9.8, which is considered critical.
Which Tenda devices are affected by CVE-2020-13391?
Tenda AC6, AC9, AC15, and AC18 devices are affected by CVE-2020-13391.
How can I fix CVE-2020-13391?
There is currently no official fix available for CVE-2020-13391. It is recommended to stay updated with the vendor's security advisories for any patches or mitigation techniques.
Where can I find more information about CVE-2020-13391?
You can find more information about CVE-2020-13391 on the official CVE website and the following reference links: [link1], [link2].
- collector/nvd-index
- agent/weakness
- agent/event
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tendacn
- canonical/tendacn ac6 firmware
- version/tendacn ac6 firmware/v15.03.05.19_multi_td01
- canonical/tendacn ac6
- version/tendacn ac6/1.0
- canonical/tendacn ac9 firmware
- version/tendacn ac9 firmware/v15.03.05.19\(6318\)
- canonical/tendacn ac9
- version/tendacn ac9/1.0
- canonical/tendacn ac15 firmware
- version/tendacn ac15 firmware/v15.03.05.19_multi_td01
- canonical/tendacn ac15
- version/tendacn ac15/1.0
- canonical/tendacn ac18 firmware
- version/tendacn ac18 firmware/v15.03.05.19\(6318\)
- canonical/tendacn ac18
- version/tendacn ac9 firmware/v15.03.06.42_multi
- version/tendacn ac9/3.0