OpenCVE

Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tendacn	Ac10u Ac10u Firmware Ac9 Ac9 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.48_multi_tde01:*:*:*:*:*:*:*

cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*

cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tendacn:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*

cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cwe.mitre.org/data/definitions/121.html
https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11
https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-29T10:19:30

Updated: 2024-08-04T14:51:10.418Z

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-22079

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-29T11:15:08.310

Modified: 2022-10-26T13:55:15.213

Link: CVE-2020-22079

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-10T20:18:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cwe.mitre.org/data/definitions/121.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-22079", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cwe.mitre.org/data/definitions/121.html", "refsource": "MISC", "url": "https://cwe.mitre.org/data/definitions/121.html"}, {"name": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11", "refsource": "MISC", "url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"}, {"name": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md", "refsource": "MISC", "url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T14:51:10.418Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cwe.mitre.org/data/definitions/121.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22079", "datePublished": "2021-10-29T10:19:30", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:51:10.418Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.48_multi_tde01:*:*:*:*:*:*:*", "matchCriteriaId": "79A5D098-A57A-4887-8FAD-6BC8D494C235", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFF286BB-A1D3-4E51-AB31-B5A531A8B440", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "matchCriteriaId": "155D1EC2-F6ED-4D3B-9C4D-CF3265BA80D0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*", "matchCriteriaId": "C41D8303-D9CC-4E43-9F6E-5185AD348DD3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."}, {"lang": "es", "value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en el router AC-10U AC1200 de Tenda versi\u00f3n US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro timeZone de goform/SetSysTimeCfg"}], "id": "CVE-2020-22079", "lastModified": "2022-10-26T13:55:15.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-29T11:15:08.310", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "https://cwe.mitre.org/data/definitions/121.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}