CVE-2020-13394: Buffer Overflow
First published: Fri May 22 2020(Updated: )
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn Ac6 Firmware | =v15.03.05.19_multi_td01 | |
| Tendacn Ac6 | =1.0 | |
| Tendacn Ac9 Firmware | =v15.03.05.19\(6318\) | |
| Tendacn Ac9 | =1.0 | |
| Tendacn Ac15 Firmware | =v15.03.05.19_multi_td01 | |
| Tendacn Ac15 | =1.0 | |
| Tendacn Ac18 Firmware | =v15.03.05.19\(6318\) | |
| Tendacn Ac18 | ||
| Tendacn Ac9 Firmware | =v15.03.06.42_multi | |
| Tendacn Ac9 | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-13394?
CVE-2020-13394 is a buffer overflow vulnerability in the router's web server on Tenda AC6, AC9, AC15, and AC18 devices.
What is the severity of CVE-2020-13394?
CVE-2020-13394 has a severity rating of 9.8 (Critical).
Which Tenda devices are affected by CVE-2020-13394?
Tenda AC6, AC9, AC15, and AC18 devices are affected by CVE-2020-13394.
How does CVE-2020-13394 affect the Tenda routers?
CVE-2020-13394 allows an attacker to exploit a buffer overflow vulnerability in the web server of Tenda routers, potentially leading to remote code execution or denial of service.
Is there a fix for CVE-2020-13394?
Currently, there is no official fix available for CVE-2020-13394. It is recommended to apply any patches or updates provided by the vendor when they become available, and to regularly check for firmware updates.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/references
- agent/description
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/tendacn
- canonical/tendacn ac6 firmware
- version/tendacn ac6 firmware/v15.03.05.19_multi_td01
- canonical/tendacn ac6
- version/tendacn ac6/1.0
- canonical/tendacn ac9 firmware
- version/tendacn ac9 firmware/v15.03.05.19\(6318\)
- canonical/tendacn ac9
- version/tendacn ac9/1.0
- canonical/tendacn ac15 firmware
- version/tendacn ac15 firmware/v15.03.05.19_multi_td01
- canonical/tendacn ac15
- version/tendacn ac15/1.0
- canonical/tendacn ac18 firmware
- version/tendacn ac18 firmware/v15.03.05.19\(6318\)
- canonical/tendacn ac18
- version/tendacn ac9 firmware/v15.03.06.42_multi
- version/tendacn ac9/3.0