CVE-2017-9139 - OpenCVE

There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tendacn	F1200 F1200 Firmware F1202 F1202 Firmware Fh1202 Fh1202 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tendacn:f1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tendacn:f1200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tendacn:fh1202_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tendacn:fh1202:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tendacn:f1202_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tendacn:f1202:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.tendacn.com/en/2017.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-05-21T22:00:00Z

Updated: 2024-09-16T19:31:40.558Z

Reserved: 2017-05-21T00:00:00Z

Link: CVE-2017-9139

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-05-21T22:29:00.210

Modified: 2017-06-02T19:03:49.123

Link: CVE-2017-9139

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-21T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.tendacn.com/en/2017.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9139", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.tendacn.com/en/2017.html", "refsource": "MISC", "url": "http://www.tendacn.com/en/2017.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:55:22.411Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.tendacn.com/en/2017.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9139", "datePublished": "2017-05-21T22:00:00Z", "dateReserved": "2017-05-21T00:00:00Z", "dateUpdated": "2024-09-16T19:31:40.558Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:f1200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C49E0BF5-553E-4122-A5C6-055CA6B78B7B", "versionEndIncluding": "1.2.0.19", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:f1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "42E86EC1-7A0F-41C4-A098-DF76BD1E7B9F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:fh1202_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "548E58FC-1379-41D9-9400-D80707CBEE42", "versionEndIncluding": "1.2.0.19", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:fh1202:-:*:*:*:*:*:*:*", "matchCriteriaId": "16E9CF2B-939C-4E9E-914A-C403A6E45DA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:f1202_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7728F67-89DB-494C-A535-7A24EC414366", "versionEndIncluding": "1.2.0.19", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:f1202:-:*:*:*:*:*:*:*", "matchCriteriaId": "12C28522-BB92-4EFD-ABC9-4B5893097AE9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds."}, {"lang": "es", "value": "Hay desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en algunos routers Tenda (FH1202/F1202/F1200: versiones anteriores a 1.2.0.20). Las peticiones POST dise\u00f1adas a una direcci\u00f3n URL no especificada dan como resultado una DoS, interrumpiendo el servicio HTTP (utilizado para iniciar sesi\u00f3n en la interfaz de usuario web de un enrutador) durante 1 a 2 segundos."}], "id": "CVE-2017-9139", "lastModified": "2017-06-02T19:03:49.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-21T22:29:00.210", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.tendacn.com/en/2017.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}