ID

VAR-202207-0094


CVE

CVE-2022-32032


TITLE

Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ax1806 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-012482

DESCRIPTION

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. An out-of-bounds write vulnerability exists in the ax1806 firmware from Shenzhen Tenda Technology Co.,Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The vulnerability arises because the formAddMacfilterRule function does not check the length of the input data supplied in the deviceList parameter. No detailed vulnerability details are currently provided.

Trust: 2.25

sources: NVD: CVE-2022-32032 // JVNDB: JVNDB-2022-012482 // CNVD: CNVD-2022-56542 // VULMON: CVE-2022-32032

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-56542

AFFECTED PRODUCTS

vendor: tenda, model: ax1806, scope: eq, version: 1.0.0.1

Trust: 1.0

vendor: tenda, model: ax1806, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: ax1806, scope: eq, version: ax1806 firmware 1.0.0.1

Trust: 0.8

vendor: tenda, model: ax1806, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ax1806, scope: eq, version: v1.0.0.1

Trust: 0.6

sources: CNVD: CNVD-2022-56542 // JVNDB: JVNDB-2022-012482 // NVD: CVE-2022-32032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32032
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-32032
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-56542
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202207-282
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-32032
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-32032
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-56542
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-32032
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-32032
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-56542 // VULMON: CVE-2022-32032 // JVNDB: JVNDB-2022-012482 // CNNVD: CNNVD-202207-282 // NVD: CVE-2022-32032

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-012482 // NVD: CVE-2022-32032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-282

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-282

EXTERNAL IDS

db: NVD, id: CVE-2022-32032

Trust: 3.9

db: JVNDB, id: JVNDB-2022-012482

Trust: 0.8

db: CNVD, id: CNVD-2022-56542

Trust: 0.6

db: CNNVD, id: CNNVD-202207-282

Trust: 0.6

db: VULMON, id: CVE-2022-32032

Trust: 0.1

sources: CNVD: CNVD-2022-56542 // VULMON: CVE-2022-32032 // JVNDB: JVNDB-2022-012482 // CNNVD: CNNVD-202207-282 // NVD: CVE-2022-32032

REFERENCES

url:https://github.com/d1tto/iot-vuln/tree/main/tenda/a18/formaddmacfilterrule

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-32032

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-32032/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-56542 // VULMON: CVE-2022-32032 // JVNDB: JVNDB-2022-012482 // CNNVD: CNNVD-202207-282 // NVD: CVE-2022-32032

SOURCES

db: CNVD, id: CNVD-2022-56542
db: VULMON, id: CVE-2022-32032
db: JVNDB, id: JVNDB-2022-012482
db: CNNVD, id: CNNVD-202207-282
db: NVD, id: CVE-2022-32032

LAST UPDATE DATE

2024-08-14T14:02:31.520000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-56542, date: 2022-08-12T00:00:00
db: VULMON, id: CVE-2022-32032, date: 2022-07-09T00:00:00
db: JVNDB, id: JVNDB-2022-012482, date: 2023-08-30T08:18:00
db: CNNVD, id: CNNVD-202207-282, date: 2022-07-11T00:00:00
db: NVD, id: CVE-2022-32032, date: 2022-07-09T00:57:05.900

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-56542, date: 2022-08-12T00:00:00
db: VULMON, id: CVE-2022-32032, date: 2022-07-01T00:00:00
db: JVNDB, id: JVNDB-2022-012482, date: 2023-08-30T00:00:00
db: CNNVD, id: CNNVD-202207-282, date: 2022-07-01T00:00:00
db: NVD, id: CVE-2022-32032, date: 2022-07-01T18:15:08.970