CVE-2019-19505

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVSS v3 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tendacn:pa6_firmware:1.0.1.21:*:*:*:*:*:*:*

cpe:2.3:h:tendacn:pa6:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-06-25 20:15

Updated : 2024-02-28 17:47

NVD link : CVE-2019-19505

Mitre link : CVE-2019-19505

CVE.ORG link : CVE-2019-19505

JSON object : View

Products Affected

tendacn

pa6_firmware
pa6

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2019-19505", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-06-25T20:15:11.007", "references": [{"url": "https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the \"Wireless\" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash."}, {"lang": "es", "value": "El extensor Tenda PA6 Wi-Fi Powerline versi\u00f3n 1.0.1.21, es vulnerable a un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, causado por una comprobaci\u00f3n incorrecta de l\u00edmites mediante la secci\u00f3n \"Wireless\" ??en la Interfaz de Usuario Web. Mediante el env\u00edo de un nombre de host especialmente dise\u00f1ado, un atacante remoto podr\u00eda desbordar un b\u00fafer y ejecutar c\u00f3digo arbitrario en el sistema o causar que la aplicaci\u00f3n se bloquee"}], "lastModified": "2020-07-08T16:55:35.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:pa6_firmware:1.0.1.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6091063-6B03-4B7F-B425-B4C37B057A74"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:pa6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC86310B-B452-4CEF-986C-2BB4CC535A0A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}