Details of VAR-202207-0128

ID

VAR-202207-0128

CVE

CVE-2022-32030

TITLE

Shenzhen Tenda Technology Co.,Ltd. of ax1806 Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-012484

DESCRIPTION

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. Shenzhen Tenda Technology Co.,Ltd. of ax1806 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability stems from the fact that the list parameter in the formSetQosBand function does not check the length of the input data. An attacker could exploit this vulnerability to cause a denial of service attack

Trust: 2.25

sources: NVD: CVE-2022-32030 // JVNDB: JVNDB-2022-012484 // CNVD: CNVD-2022-56543 // VULMON: CVE-2022-32030

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-56543

AFFECTED PRODUCTS

vendor:	tenda	model:	ax1806	scope:	eq	version:	1.0.0.1	Trust: 1.0
vendor:	tenda	model:	ax1806	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ax1806	scope:	eq	version:	ax1806 firmware 1.0.0.1	Trust: 0.8
vendor:	tenda	model:	ax1806	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ax1806	scope:	eq	version:	v1.0.0.1	Trust: 0.6

sources: CNVD: CNVD-2022-56543 // JVNDB: JVNDB-2022-012484 // NVD: CVE-2022-32030

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32030
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-32030
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-56543
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202207-284
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-32030
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-32030
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-56543
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-32030
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32030
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-56543 // VULMON: CVE-2022-32030 // JVNDB: JVNDB-2022-012484 // CNNVD: CNNVD-202207-284 // NVD: CVE-2022-32030

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-012484 // NVD: CVE-2022-32030

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-284

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-284

PATCH

title:	Patch for Tenda AX1806 formSetQosBand function stack overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/344206	Trust: 0.6
title:	Tenda AX1806 Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199217	Trust: 0.6

sources: CNVD: CNVD-2022-56543 // CNNVD: CNNVD-202207-284

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32030	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-012484	Trust: 0.8
db:	CNVD	id:	CNVD-2022-56543	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-284	Trust: 0.6
db:	VULMON	id:	CVE-2022-32030	Trust: 0.1

sources: CNVD: CNVD-2022-56543 // VULMON: CVE-2022-32030 // JVNDB: JVNDB-2022-012484 // CNNVD: CNNVD-202207-284 // NVD: CVE-2022-32030

REFERENCES

url:	https://github.com/d1tto/iot-vuln/tree/main/tenda/ax1806/formsetqosband	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32030	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-32030/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-56543 // VULMON: CVE-2022-32030 // JVNDB: JVNDB-2022-012484 // CNNVD: CNNVD-202207-284 // NVD: CVE-2022-32030

SOURCES

db:	CNVD	id:	CNVD-2022-56543
db:	VULMON	id:	CVE-2022-32030
db:	JVNDB	id:	JVNDB-2022-012484
db:	CNNVD	id:	CNNVD-202207-284
db:	NVD	id:	CVE-2022-32030

LAST UPDATE DATE

2024-08-14T14:37:27.685000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-56543	date:	2022-08-12T00:00:00
db:	VULMON	id:	CVE-2022-32030	date:	2022-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-012484	date:	2023-08-30T08:19:00
db:	CNNVD	id:	CNNVD-202207-284	date:	2022-07-11T00:00:00
db:	NVD	id:	CVE-2022-32030	date:	2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-56543	date:	2022-08-12T00:00:00
db:	VULMON	id:	CVE-2022-32030	date:	2022-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-012484	date:	2023-08-30T00:00:00
db:	CNNVD	id:	CNNVD-202207-284	date:	2022-07-01T00:00:00
db:	NVD	id:	CVE-2022-32030	date:	2022-07-01T18:15:08.890