CVE-2020-13392: Buffer Overflow
First published: Fri May 22 2020(Updated: )
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn Ac6 Firmware | =v15.03.05.19_multi_td01 | |
| Tendacn Ac6 | =1.0 | |
| Tendacn Ac9 Firmware | =v15.03.05.19\(6318\) | |
| Tendacn Ac9 | =1.0 | |
| Tendacn Ac15 Firmware | =v15.03.05.19_multi_td01 | |
| Tendacn Ac15 | =1.0 | |
| Tendacn Ac18 Firmware | =v15.03.05.19\(6318\) | |
| Tendacn Ac18 | ||
| Tendacn Ac9 Firmware | =v15.03.06.42_multi | |
| Tendacn Ac9 | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-13392?
CVE-2020-13392 is a buffer overflow vulnerability in the httpd web server of Tenda AC6, AC9, AC15, and AC18 devices.
Which Tenda devices are affected by CVE-2020-13392?
Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN are affected.
What is the severity of CVE-2020-13392?
The severity of CVE-2020-13392 is rated as critical with a CVSS score of 9.8.
How can I fix CVE-2020-13392?
To fix CVE-2020-13392, update the firmware of your Tenda AC6, AC9, AC15, or AC18 device to a version that addresses the vulnerability.
Where can I find more information about CVE-2020-13392?
You can find more information about CVE-2020-13392 on the following references: [Link 1](https://joel-malwarebenchmark.github.io) and [Link 2](https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/).
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- vendor/tendacn
- canonical/tendacn ac6 firmware
- version/tendacn ac6 firmware/v15.03.05.19_multi_td01
- canonical/tendacn ac6
- version/tendacn ac6/1.0
- canonical/tendacn ac9 firmware
- version/tendacn ac9 firmware/v15.03.05.19\(6318\)
- canonical/tendacn ac9
- version/tendacn ac9/1.0
- canonical/tendacn ac15 firmware
- version/tendacn ac15 firmware/v15.03.05.19_multi_td01
- canonical/tendacn ac15
- version/tendacn ac15/1.0
- canonical/tendacn ac18 firmware
- version/tendacn ac18 firmware/v15.03.05.19\(6318\)
- canonical/tendacn ac18
- version/tendacn ac9 firmware/v15.03.06.42_multi
- version/tendacn ac9/3.0