CVE-2020-28095

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.
References
Link Resource
https://github.com/cecada/Tenda-AC6-Root-Acces/blob/main/README.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:ac1200_firmware:15.03.06.51_multi:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac1200:ac6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-12-30 21:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-28095

Mitre link : CVE-2020-28095

CVE.ORG link : CVE-2020-28095


JSON object : View

Products Affected

tenda

  • ac1200_firmware
  • ac1200
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')