CVE-2022-42170: n/a in n/a
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.
AI Analysis
Technical Summary
CVE-2022-42170 is a critical stack overflow vulnerability identified in the Tenda AC10 router firmware version V15.03.06.23. The vulnerability exists in the handling of requests to the /goform/formWifiWpsStart endpoint. A stack overflow occurs when the application writes more data to a buffer located on the stack than what is allocated, potentially overwriting adjacent memory and leading to arbitrary code execution. This vulnerability is classified under CWE-787 (Out-of-bounds Write). The CVSS v3.1 base score is 9.8, indicating a critical severity with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning it is remotely exploitable over the network without any privileges or user interaction, and it impacts confidentiality, integrity, and availability to a high degree. Although no known exploits are currently reported in the wild, the nature of the vulnerability allows an attacker to execute arbitrary code remotely, potentially taking full control of the affected device. The Tenda AC10 is a consumer-grade Wi-Fi router commonly used in home and small office environments. Exploiting this vulnerability could allow attackers to manipulate network traffic, intercept sensitive data, or use the compromised router as a foothold for further attacks within the network.
Potential Impact
For European organizations, the exploitation of this vulnerability could have significant consequences. Many small businesses and home offices across Europe use consumer-grade routers like the Tenda AC10, which may not be regularly updated or monitored by IT security teams. A successful attack could lead to unauthorized access to internal networks, interception of confidential communications, and disruption of network availability. This is particularly concerning for sectors handling sensitive data such as finance, healthcare, and government services. Additionally, compromised routers could be leveraged as part of botnets or for launching further attacks, amplifying the threat landscape. The lack of authentication and user interaction requirements makes this vulnerability especially dangerous, as attackers can scan for vulnerable devices and exploit them en masse without user awareness.
Mitigation Recommendations
To mitigate this vulnerability, European organizations and individuals should immediately check if their network infrastructure includes Tenda AC10 routers running the vulnerable firmware version V15.03.06.23. Since no official patch links are provided, users should monitor Tenda's official channels for firmware updates addressing this issue and apply them promptly once available. In the interim, it is advisable to restrict access to the router's management interfaces by implementing network segmentation and firewall rules to block external access to the /goform/formWifiWpsStart endpoint. Disabling WPS functionality entirely, if not required, can reduce the attack surface. Network administrators should also conduct regular vulnerability scans to identify exposed devices and consider replacing outdated or unsupported hardware with models that receive timely security updates. Employing intrusion detection systems to monitor unusual network activity related to router exploitation attempts can provide early warning signs of compromise.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
CVE-2022-42170: n/a in n/a
Description
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.
AI-Powered Analysis
Technical Analysis
CVE-2022-42170 is a critical stack overflow vulnerability identified in the Tenda AC10 router firmware version V15.03.06.23. The vulnerability exists in the handling of requests to the /goform/formWifiWpsStart endpoint. A stack overflow occurs when the application writes more data to a buffer located on the stack than what is allocated, potentially overwriting adjacent memory and leading to arbitrary code execution. This vulnerability is classified under CWE-787 (Out-of-bounds Write). The CVSS v3.1 base score is 9.8, indicating a critical severity with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning it is remotely exploitable over the network without any privileges or user interaction, and it impacts confidentiality, integrity, and availability to a high degree. Although no known exploits are currently reported in the wild, the nature of the vulnerability allows an attacker to execute arbitrary code remotely, potentially taking full control of the affected device. The Tenda AC10 is a consumer-grade Wi-Fi router commonly used in home and small office environments. Exploiting this vulnerability could allow attackers to manipulate network traffic, intercept sensitive data, or use the compromised router as a foothold for further attacks within the network.
Potential Impact
For European organizations, the exploitation of this vulnerability could have significant consequences. Many small businesses and home offices across Europe use consumer-grade routers like the Tenda AC10, which may not be regularly updated or monitored by IT security teams. A successful attack could lead to unauthorized access to internal networks, interception of confidential communications, and disruption of network availability. This is particularly concerning for sectors handling sensitive data such as finance, healthcare, and government services. Additionally, compromised routers could be leveraged as part of botnets or for launching further attacks, amplifying the threat landscape. The lack of authentication and user interaction requirements makes this vulnerability especially dangerous, as attackers can scan for vulnerable devices and exploit them en masse without user awareness.
Mitigation Recommendations
To mitigate this vulnerability, European organizations and individuals should immediately check if their network infrastructure includes Tenda AC10 routers running the vulnerable firmware version V15.03.06.23. Since no official patch links are provided, users should monitor Tenda's official channels for firmware updates addressing this issue and apply them promptly once available. In the interim, it is advisable to restrict access to the router's management interfaces by implementing network segmentation and firewall rules to block external access to the /goform/formWifiWpsStart endpoint. Disabling WPS functionality entirely, if not required, can reduce the attack surface. Network administrators should also conduct regular vulnerability scans to identify exposed devices and consider replacing outdated or unsupported hardware with models that receive timely security updates. Employing intrusion detection systems to monitor unusual network activity related to router exploitation attempts can provide early warning signs of compromise.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-10-03T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682cd0fb1484d88663aec55a
Added to database: 5/20/2025, 6:59:07 PM
Last enriched: 7/6/2025, 9:40:13 AM
Last updated: 8/11/2025, 10:49:41 AM
Views: 12
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.