CVE-2020-20746: Buffer Overflow
First published: Thu Sep 30 2021(Updated: )
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tendacn Ac9 Firmware | =15.03.06.60_en | |
| Tendacn Ac9 | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-20746.
What is the severity of CVE-2020-20746?
The severity of CVE-2020-20746 is high with a CVSS score of 7.2.
How does CVE-2020-20746 affect Tenda AC9 firmware version 15.03.06.60_EN?
CVE-2020-20746 allows remote attackers to execute arbitrary code or cause a denial of service (DoS) on Tenda AC9 firmware version 15.03.06.60_EN through a crafted POST request to /goform/SetStaticRouteCfg.
Is Tenda AC9 firmware version 3.0 affected by CVE-2020-20746?
No, Tenda AC9 firmware version 3.0 is not affected by CVE-2020-20746.
How can I fix CVE-2020-20746?
To fix CVE-2020-20746, it is recommended to update Tenda AC9 firmware to a version that is not vulnerable.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- agent/type
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/tendacn
- canonical/tendacn ac9 firmware
- version/tendacn ac9 firmware/15.03.06.60_en
- canonical/tendacn ac9
- version/tendacn ac9/3.0