CVE-2020-13393: Buffer Overflow
First published: Fri May 22 2020(Updated: )
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn Ac6 Firmware | =v15.03.05.19_multi_td01 | |
| Tendacn Ac6 | =1.0 | |
| Tendacn Ac9 Firmware | =v15.03.05.19\(6318\) | |
| Tendacn Ac9 | =1.0 | |
| Tendacn Ac15 Firmware | =v15.03.05.19_multi_td01 | |
| Tendacn Ac15 | =1.0 | |
| Tendacn Ac18 Firmware | =v15.03.05.19\(6318\) | |
| Tendacn Ac18 | ||
| Tendacn Ac9 Firmware | =v15.03.06.42_multi | |
| Tendacn Ac9 | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-13393?
CVE-2020-13393 is a buffer overflow vulnerability in the web server of Tenda AC6, AC9, AC15, and AC18 routers.
Which devices are affected by CVE-2020-13393?
Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices are affected.
How severe is CVE-2020-13393?
CVE-2020-13393 has a severity score of 9.8, which is considered critical.
How can I fix CVE-2020-13393?
To fix CVE-2020-13393, it is recommended to update to the latest firmware version provided by Tenda.
Where can I find more information about CVE-2020-13393?
More information about CVE-2020-13393 can be found on the following links: [link1](https://joel-malwarebenchmark.github.io), [link2](https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/)
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tendacn
- canonical/tendacn ac6 firmware
- version/tendacn ac6 firmware/v15.03.05.19_multi_td01
- canonical/tendacn ac6
- version/tendacn ac6/1.0
- canonical/tendacn ac9 firmware
- version/tendacn ac9 firmware/v15.03.05.19\(6318\)
- canonical/tendacn ac9
- version/tendacn ac9/1.0
- canonical/tendacn ac15 firmware
- version/tendacn ac15 firmware/v15.03.05.19_multi_td01
- canonical/tendacn ac15
- version/tendacn ac15/1.0
- canonical/tendacn ac18 firmware
- version/tendacn ac18 firmware/v15.03.05.19\(6318\)
- canonical/tendacn ac18
- version/tendacn ac9 firmware/v15.03.06.42_multi
- version/tendacn ac9/3.0