ID

VAR-202205-0172


CVE

CVE-2022-28556


TITLE

Allocation of Resources Without Limits or Throttling Vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC15 Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-009240

DESCRIPTION

Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to a buffer overflow. The stack overflow lies in the /goform/setpptpservercfg interface of the web service. The POST parameters startip and endip are copied to the stack using the sscanf function, resulting in a stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971. The AC15 firmware from Shenzhen Tenda Technology Co.,Ltd. contains a vulnerability involving allocation of resources without limits or throttling. It may result in a service interruption (DoS) condition. Tenda AC15 has security flaws that can be exploited by attackers to cause a stack overflow.

Trust: 2.25

sources: NVD: CVE-2022-28556 // JVNDB: JVNDB-2022-009240 // CNVD: CNVD-2022-38165 // VULMON: CVE-2022-28556

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-38165

AFFECTED PRODUCTS

vendor: tenda, model: ac15, scope: eq, version: 15.03.05.20_multi_tde01

Trust: 1.0

vendor: tenda, model: ac15, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: ac15, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac15, scope: eq, version: ac15 firmware 15.03.05.20 multi tde01

Trust: 0.8

vendor: tenda, model: ac15 15.03.05.20 multi tde01, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-38165 // JVNDB: JVNDB-2022-009240 // NVD: CVE-2022-28556

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-28556
value: HIGH

Trust: 1.0

NVD: CVE-2022-28556
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-38165
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202205-2140
value: HIGH

Trust: 0.6

VULMON: CVE-2022-28556
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-28556
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-38165
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-28556
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-28556
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-38165 // VULMON: CVE-2022-28556 // JVNDB: JVNDB-2022-009240 // CNNVD: CNNVD-202205-2140 // NVD: CVE-2022-28556

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype: Allocation of resources without limits or throttling (CWE-770) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-009240 // NVD: CVE-2022-28556

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2140

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2140

PATCH

title: Patch for Tenda AC15 Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/333211

Trust: 0.6

title: Tenda AC15 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192829

Trust: 0.6

sources: CNVD: CNVD-2022-38165 // CNNVD: CNNVD-202205-2140

EXTERNAL IDS

db: NVD, id: CVE-2022-28556

Trust: 3.9

db: JVNDB, id: JVNDB-2022-009240

Trust: 0.8

db: CNVD, id: CNVD-2022-38165

Trust: 0.6

db: CNNVD, id: CNNVD-202205-2140

Trust: 0.6

db: VULMON, id: CVE-2022-28556

Trust: 0.1

sources: CNVD: CNVD-2022-38165 // VULMON: CVE-2022-28556 // JVNDB: JVNDB-2022-009240 // CNNVD: CNNVD-202205-2140 // NVD: CVE-2022-28556

REFERENCES

url:https://github.com/doudoudedi/tendaac15_vul/blob/main/tendaac15-vul.md

Trust: 2.5

url:https://cxsecurity.com/cveshow/cve-2022-28556/

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-28556

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-38165 // VULMON: CVE-2022-28556 // JVNDB: JVNDB-2022-009240 // CNNVD: CNNVD-202205-2140 // NVD: CVE-2022-28556

SOURCES

db: CNVD, id: CNVD-2022-38165
db: VULMON, id: CVE-2022-28556
db: JVNDB, id: JVNDB-2022-009240
db: CNNVD, id: CNNVD-202205-2140
db: NVD, id: CVE-2022-28556

LAST UPDATE DATE

2024-11-23T22:04:54.250000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-38165, date: 2022-05-19T00:00:00
db: VULMON, id: CVE-2022-28556, date: 2022-05-13T00:00:00
db: JVNDB, id: JVNDB-2022-009240, date: 2023-08-03T08:30:00
db: CNNVD, id: CNNVD-202205-2140, date: 2022-05-16T00:00:00
db: NVD, id: CVE-2022-28556, date: 2024-11-21T06:57:30.647

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-38165, date: 2022-05-20T00:00:00
db: VULMON, id: CVE-2022-28556, date: 2022-05-04T00:00:00
db: JVNDB, id: JVNDB-2022-009240, date: 2023-08-03T00:00:00
db: CNNVD, id: CNNVD-202205-2140, date: 2022-05-04T00:00:00
db: NVD, id: CVE-2022-28556, date: 2022-05-04T16:15:08.647