CVE-2021-42659 - OpenCVE

There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tenda	Ac9 Ac9 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:tenda:ac9:1.0:*:*:*:*:*:*:*

cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*

cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Lyc-heng/routers/blob/main/routers/stack4.md
https://www.cnvd.org.cn/flaw/show/CNVD-2021-24948

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-05-24T11:41:53

Updated: 2024-08-04T03:38:50.080Z

Reserved: 2021-10-18T00:00:00

Link: CVE-2021-42659

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-24T12:15:07.590

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-42659

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-24T11:41:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack4.md"}, {"tags": ["x_refsource_MISC"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-24948"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-42659", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Lyc-heng/routers/blob/main/routers/stack4.md", "refsource": "MISC", "url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack4.md"}, {"name": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-24948", "refsource": "MISC", "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-24948"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:38:50.080Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack4.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-24948"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-42659", "datePublished": "2022-05-24T11:41:53", "dateReserved": "2021-10-18T00:00:00", "dateUpdated": "2024-08-04T03:38:50.080Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac9:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "566DA530-18FC-4A46-95B4-2A7D343A96A7", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*", "matchCriteriaId": "D8F25141-8B57-463D-AB97-F52C0143973C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*", "matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web httpd del router en los dispositivos de router Tenda, como Tenda AC9 versi\u00f3n V1.0 V15.03.02.19(6318) y Tenda AC9 versi\u00f3n V3.0 V15.03.06.42_multi. Cuando es configurado el servicio virtual, el programa httpd es bloqueado y sale cuando es producido el par\u00e1metro de lista superlarga"}], "id": "CVE-2021-42659", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-24T12:15:07.590", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack4.md"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-24948"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}