Skip to main content

CVE-2022-42058: n/a in n/a

Critical
VulnerabilityCVE-2022-42058cvecve-2022-42058
Published: Tue Nov 15 2022 (11/15/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

AI-Powered Analysis

AILast updated: 07/02/2025, 04:40:25 UTC

Technical Analysis

CVE-2022-42058 is a critical security vulnerability identified in the Tenda AC1200 Router Model W15Ev2 running firmware version V15.11.0.10(1576). The vulnerability is a stack-based buffer overflow occurring in the setRemoteWebManage function. This function is likely responsible for configuring or managing remote web access to the router. An attacker can exploit this vulnerability by sending crafted overflow data to the affected function, which causes the router to execute a stack overflow. The consequences of this overflow include a Denial of Service (DoS) condition, where the router may crash, reboot, or become unresponsive, disrupting network connectivity. The CVSS v3.1 base score of 9.8 indicates a critical severity level, reflecting the vulnerability's ease of exploitation (network vector, no privileges or user interaction required) and its impact on confidentiality, integrity, and availability. Specifically, the vulnerability allows remote attackers to fully compromise the router's availability and potentially impact confidentiality and integrity if the overflow can be leveraged further. The vulnerability is classified under CWE-787 (Out-of-bounds Write), a common and dangerous software weakness that can lead to memory corruption. No patches or fixes are currently linked, and there are no known exploits in the wild as of the published date. However, the critical nature and network accessibility of the vulnerability make it a high-risk issue for affected devices.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for small and medium enterprises (SMEs) and home office environments that rely on Tenda AC1200 routers for internet connectivity and remote management. A successful exploitation can cause network outages, disrupting business operations, communications, and access to cloud or internal resources. The DoS condition could also be used as a vector for further attacks, such as network reconnaissance or lateral movement if combined with other vulnerabilities. Additionally, if the router is used in critical infrastructure or sensitive environments, the loss of availability could have broader operational or safety implications. The vulnerability's remote exploitability without authentication increases the risk of widespread attacks, potentially affecting multiple organizations simultaneously. Given the router's role as a network gateway, compromised devices could also be leveraged as entry points for more sophisticated attacks, threatening confidentiality and integrity of organizational data.

Mitigation Recommendations

Organizations should immediately assess their network environments for the presence of Tenda AC1200 Router Model W15Ev2 devices running the vulnerable firmware version V15.11.0.10(1576). In the absence of an official patch, mitigation steps include disabling remote web management features to reduce the attack surface, restricting management access to trusted internal networks only, and implementing network-level protections such as firewall rules to block unauthorized access to router management ports. Monitoring network traffic for unusual or malformed packets targeting the router's management interface can help detect exploitation attempts. Organizations should also consider replacing vulnerable devices with models from vendors that provide timely security updates and have a strong security track record. Regular firmware updates and vendor communication monitoring are essential to apply patches promptly once available. Network segmentation can limit the impact of a compromised router by isolating critical systems from affected devices.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2022-10-03T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d983bc4522896dcbee0b3

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 7/2/2025, 4:40:25 AM

Last updated: 7/28/2025, 10:48:01 AM

Views: 10

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats