CVE-2022-40869: n/a in n/a
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").
AI Analysis
Technical Summary
CVE-2022-40869 is a critical stack overflow vulnerability identified in Tenda AC15 and AC18 routers running firmware version V15.03.05.19. The vulnerability exists in the function fromDhcpListClient, which processes DHCP client lists using a combined parameter "list*" (formatted as "%s%d","list"). A stack overflow occurs when this parameter is improperly handled, allowing an attacker to overwrite the stack memory. This can lead to arbitrary code execution, denial of service, or complete compromise of the router. The vulnerability has a CVSS v3.1 score of 9.8, indicating it is easily exploitable remotely (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality, integrity, and availability at a high level (C:H/I:H/A:H). The flaw corresponds to CWE-787 (Out-of-bounds Write), a common and dangerous memory corruption issue. Although no known exploits are reported in the wild, the severity and ease of exploitation make this a significant threat. The lack of available patches or vendor advisories at the time of publication increases risk for affected users. Given that these routers are commonly used in home and small office environments, exploitation could allow attackers to gain persistent network access, intercept or manipulate traffic, or pivot to other internal systems.
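The bug class described above (CWE-787 on values fetched under names built from "%s%d" with "list"), as an added C example with the bounds check that prevents it; this is not Tenda's firmware code, which the page does not show. The getter type, `ENTRY_LEN`, `MAX_ENTRIES` and the sample values are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ENTRIES 8
#define ENTRY_LEN   64  /* assumed size of one fixed per-entry buffer */

/* Hypothetical stand-in for the web server's request-parameter lookup. */
typedef const char *(*get_param_fn)(const char *name);

/* Copies list1, list2, ... into out[]; returns the count, or -1 to reject. */
int parse_dhcp_list(get_param_fn get, char out[][ENTRY_LEN], int max_out)
{
    char name[16];
    int n = 0;
    for (int i = 1; i <= max_out; i++) {
        /* Name built from "%s%d" with "list", as the advisory describes. */
        int w = snprintf(name, sizeof name, "%s%d", "list", i);
        if (w < 0 || (size_t)w >= sizeof name) return -1;
        const char *val = get(name);
        if (val == NULL) break;         /* no further listN parameter */
        size_t len = strlen(val);
        /* Unsafe pattern: strcpy(out[n], val). Hardened: check length first. */
        if (len >= ENTRY_LEN) return -1;
        memcpy(out[n++], val, len + 1); /* len + 1 includes the NUL */
    }
    return n;
}

/* Constructed sample requests (values are illustrative only). */
const char *sample_ok(const char *name)
{
    if (strcmp(name, "list1") == 0) return "host-a;192.168.0.10";
    if (strcmp(name, "list2") == 0) return "host-b;192.168.0.11";
    return NULL;
}

const char *sample_oversize(const char *name)
{
    static char big[200];               /* zero-initialised, so NUL-terminated */
    memset(big, 'A', sizeof big - 1);   /* 199 bytes, longer than ENTRY_LEN */
    if (strcmp(name, "list1") == 0) return "host-a;192.168.0.10";
    return strcmp(name, "list2") == 0 ? big : NULL;
}

int main(void)
{
    char out[MAX_ENTRIES][ENTRY_LEN];
    printf("%d\n", parse_dhcp_list(sample_oversize, out, MAX_ENTRIES));
    return 0;
}
```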
Potential Impact
For European organizations, especially small and medium enterprises (SMEs) and home office users relying on Tenda AC15 and AC18 routers, this vulnerability poses a severe risk. Successful exploitation could lead to full compromise of the network perimeter device, enabling attackers to intercept sensitive data, disrupt communications, or launch further attacks within the internal network. Confidentiality is at high risk as attackers can eavesdrop on network traffic. Integrity is compromised since attackers can alter configurations or inject malicious payloads. Availability is also threatened through potential denial-of-service conditions caused by crashes or malicious reboots. The impact is particularly critical for organizations handling sensitive personal data under GDPR, as breaches could lead to regulatory penalties and reputational damage. Additionally, the vulnerability could be leveraged by cybercriminals or nation-state actors targeting European infrastructure or businesses, given the routers’ widespread use in residential and small business environments.
Mitigation Recommendations
Immediate mitigation steps include:
1) Identifying and inventorying all Tenda AC15 and AC18 routers running vulnerable firmware (V15.03.05.19) within the organization’s network.
2) Applying any available firmware updates or patches from Tenda as soon as they are released. If no official patch is available, consider temporarily replacing vulnerable devices with alternative models from trusted vendors.
3) Restricting remote management access to these routers by disabling WAN-side administration and limiting LAN-side access to trusted IP addresses only.
4) Implementing network segmentation to isolate vulnerable routers from critical internal systems and sensitive data.
5) Monitoring network traffic for unusual DHCP-related activity or signs of exploitation attempts.
6) Employing intrusion detection/prevention systems (IDS/IPS) with signatures for stack overflow attempts targeting DHCP functions.
7) Educating users about the risks and encouraging them to report any unusual router behavior.
These steps go beyond generic advice by focusing on immediate containment, access control, and proactive monitoring tailored to the specific vulnerability and affected devices.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-09-19T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6835d30c182aa0cae216c474
Added to database: 5/27/2025, 2:58:20 PM
Last enriched: 7/6/2025, 4:25:47 AM
Last updated: 8/16/2025, 1:11:57 PM