Vulnerability Description
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | Ax12 Firmware | 22.03.01.21_cn |
| Tenda | Ax12 | - |
Related Weaknesses (CWE)
References
- http://tendawifi.com/index.htmlBroken Link
- https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/2ExploitThird Party Advisory
- https://www.tenda.com.cn/Vendor Advisory
- https://www.tenda.com.cn/product/AX12.htmlProductVendor Advisory
- http://tendawifi.com/index.htmlBroken Link
- https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/2ExploitThird Party Advisory
- https://www.tenda.com.cn/Vendor Advisory
- https://www.tenda.com.cn/product/AX12.htmlProductVendor Advisory
FAQ
What is CVE-2021-45392?
CVE-2021-45392 is a vulnerability with a CVSS score of 7.5 (HIGH). A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.
How severe is CVE-2021-45392?
CVE-2021-45392 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-45392?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda Ax12 Firmware, Tenda Ax12.