Skip to main content

CVE-2022-41482: n/a in n/a

High
VulnerabilityCVE-2022-41482cvecve-2022-41482
Published: Thu Oct 13 2022 (10/13/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

AI-Powered Analysis

AILast updated: 07/06/2025, 09:42:32 UTC

Technical Analysis

CVE-2022-41482 is a high-severity buffer overflow vulnerability identified in the firmware of the Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 router model. The vulnerability exists in a specific function located at memory address 0x47c5dc, where improper handling of input data allows an attacker to overflow a buffer. This flaw can be exploited remotely without any authentication or user interaction by sending a specially crafted request to the affected device. The consequence of successful exploitation is a Denial of Service (DoS) condition, which causes the router to crash or become unresponsive, thereby disrupting network connectivity. The CVSS v3.1 base score of 7.5 reflects the vulnerability's high impact on availability, with no impact on confidentiality or integrity. The attack vector is network-based (AV:N), requiring no privileges (PR:N) or user interaction (UI:N), and the scope remains unchanged (S:U). The underlying weakness is categorized under CWE-120, which corresponds to classic buffer overflow issues. No known exploits have been reported in the wild, and no official patches or vendor advisories are currently linked, indicating that mitigation may require manual intervention or firmware updates once available.

Potential Impact

For European organizations, this vulnerability poses a significant risk to network infrastructure stability, especially for entities relying on Tenda AC1200 routers in their local area networks or branch offices. A successful DoS attack could disrupt internet access, internal communications, and critical business operations dependent on continuous network availability. This is particularly impactful for sectors requiring high uptime such as finance, healthcare, manufacturing, and public services. The lack of confidentiality or integrity impact limits data breach risks, but the availability disruption alone can cause operational downtime, loss of productivity, and potential financial losses. Additionally, widespread exploitation could lead to cascading effects on supply chains or multi-site organizations. Since the attack requires no authentication and can be triggered remotely, threat actors could easily scan for vulnerable devices and launch automated attacks, increasing the likelihood of opportunistic disruptions.

Mitigation Recommendations

Organizations should first identify whether Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 routers are deployed within their networks. Network asset inventories and device fingerprinting tools can assist in this discovery. Until an official firmware patch is released, network administrators should implement strict network segmentation to isolate vulnerable routers from critical systems and limit exposure to untrusted networks. Deploying firewall rules to restrict access to router management interfaces and filtering incoming traffic to block suspicious or malformed packets targeting the vulnerable function can reduce attack surface. Monitoring network traffic for anomalies and signs of DoS attempts is advisable. Additionally, organizations should engage with Tenda support channels to obtain updates on patch availability and apply firmware updates promptly once released. As a longer-term strategy, consider replacing vulnerable hardware with devices from vendors with robust security update practices.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2022-09-26T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fb1484d88663aec57b

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 9:42:32 AM

Last updated: 7/26/2025, 8:02:30 PM

Views: 10

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats