CVE-2022-38565 Tenda M3 V1.0.0.12(4856) had a buffer overflow vulnerability in the function formEmailTest.

The security issue is exposed when the application fails to sanitize user-supplied input before using it to create a mail message. An attacker can exploit this vulnerability to cause a Denial of Service (DoS) by sending an email message to the mail server with a crafted subject line and body. A successful exploit can cause the application to crash, resulting in a Denial of Service (DoS) for the affected server. The Common Vulnerabilities and Exposures project ID is CVE-2017-10850. Tenda M3 V1.0.0.12(4856) was discovered to be vulnerable to a reflected XSS attack. This issue results from the application not properly sanitizing user input before using it to create a HTML-form. An attacker can exploit this vulnerability to inject malicious code into the application’s view.

Summary of The Tenda M3 V1.0.0.12 (4856) SQL Injection Cheat Sheet

The vulnerability is exposed when the application fails to sanitize user-supplied input before using it to create a mail message. An attacker can exploit this vulnerability to cause a Denial of Service (DoS) by sending an email message to the mail server with a crafted subject line and body.
A successful exploit can cause the application to crash, resulting in a Denial of Service (DoS) for the affected server. The Common Vulnerabilities and Exposures project ID is CVE-2017-10850.
Tenda M3 V1.0.0.12(4856) was discovered to be vulnerable to a reflected XSS attack. This issue results from the application not properly sanitizing user input before using it to create a HTML-form. An attacker can exploit this vulnerability to inject malicious code into the application’s view.

Vulnerability Scenario

The Tenda M3 V1.0.0.12(4856) application is vulnerable to reflected XSS attacks, as the application does not properly sanitize user input before using it to create a HTML-form. An attacker can exploit this vulnerability to inject malicious code into the application’s view.

Vulnerability – CVE-2017-10851

The vulnerability is exposed when the application fails to sanitize user-supplied input before using it to create a HTML-form. An attacker can exploit this vulnerability by injecting malicious code into the browser’s view.
A successful exploit can cause the application to crash, resulting in a Denial of Service (DoS) for the affected server. The Common Vulnerabilities and Exposures project ID is CVE-2017-10851.

Tenda M3 V1.0.0.12 - XXS Attack

1. XXS Attack: Tenda M3 V1.0.0.12(4856) was discovered to be vulnerable to a reflected XSS attack. This issue results from the application not properly sanitizing user input before using it to create a HTML-form. An attacker can exploit this vulnerability to inject malicious code into the application’s view.
2. CVE-2017-10850: The security issue is exposed when the application fails to sanitize user-supplied input before using it to create a mail message. An attacker can exploit this vulnerability to cause a Denial of Service (DoS) by sending an email message to the mail server with a crafted subject line and body. A successful exploit can cause the application to crash, resulting in a Denial of Service (DoS) for the affected server. The Common Vulnerabilities and Exposures project ID is CVE-2017-10850

Timeline

Published on: 08/28/2022 17:15:00 UTC
Last modified on: 09/01/2022 14:45:00 UTC

References