CVE-2022-45499: n/a in n/a
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.
AI Analysis
Technical Summary
CVE-2022-45499 is a high-severity vulnerability identified in the Tenda W6-S router firmware version 1.0.0.4(510). The vulnerability is a stack-based buffer overflow triggered via the 'wl_radio' parameter in the HTTP endpoint /goform/WifiMacFilterGet. This endpoint is likely part of the router's web management interface, which handles Wi-Fi MAC filtering configurations. The stack overflow (CWE-787) occurs when an attacker sends a specially crafted request with an overly long or malformed 'wl_radio' parameter, causing the router's firmware to overwrite memory on the stack. This can lead to denial of service (DoS) by crashing the device or potentially enable remote code execution (RCE) if exploited with precision, although no known exploits are currently reported in the wild. The CVSS 3.1 base score of 7.5 reflects a network attack vector (AV:N) with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to availability (A:H) with no direct confidentiality or integrity impact reported. The vulnerability affects a specific firmware version of the Tenda W6-S, a consumer-grade Wi-Fi 6 router, which is used in home and small office environments. The absence of vendor or product details beyond the model and firmware version limits the scope of affected devices, but the vulnerability is critical enough to warrant immediate attention due to the potential for service disruption and possible further exploitation if combined with other vulnerabilities or misconfigurations.
Potential Impact
For European organizations, the primary impact of CVE-2022-45499 is the potential disruption of network availability in environments where Tenda W6-S routers are deployed. This could affect small businesses, home offices, or remote workers relying on these devices for internet connectivity and network segmentation. A successful exploit could cause router crashes, leading to loss of internet access and interruption of business operations. Although no direct confidentiality or integrity compromise is indicated, denial of service on network infrastructure can indirectly affect organizational productivity and security monitoring capabilities. Additionally, if attackers develop advanced exploits leveraging this overflow for remote code execution, it could lead to unauthorized control over the router, enabling further lateral movement or persistent access within a network. Given the router's role as a network gateway, such compromise could expose internal network resources to attackers. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as threat actors often weaponize disclosed vulnerabilities over time.
Mitigation Recommendations
1. Immediate firmware update: Organizations and users should check for and apply any firmware updates from Tenda addressing this vulnerability. If no patch is available, consider contacting the vendor for guidance or timelines. 2. Network segmentation: Isolate vulnerable routers from critical network segments to limit potential impact. 3. Access control: Restrict access to the router's management interface to trusted IP addresses or via VPN to reduce exposure to remote attacks. 4. Disable remote management: If enabled, disable remote web management interfaces to prevent external exploitation. 5. Monitor network traffic: Implement IDS/IPS rules to detect anomalous HTTP requests targeting /goform/WifiMacFilterGet or unusual 'wl_radio' parameter usage. 6. Device replacement: For high-risk environments where patching is not feasible, consider replacing affected Tenda W6-S devices with models from vendors with active security support. 7. Incident response readiness: Prepare to respond to potential denial of service incidents affecting network availability, including having backup connectivity options.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium
CVE-2022-45499: n/a in n/a
Description
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.
AI-Powered Analysis
Technical Analysis
CVE-2022-45499 is a high-severity vulnerability identified in the Tenda W6-S router firmware version 1.0.0.4(510). The vulnerability is a stack-based buffer overflow triggered via the 'wl_radio' parameter in the HTTP endpoint /goform/WifiMacFilterGet. This endpoint is likely part of the router's web management interface, which handles Wi-Fi MAC filtering configurations. The stack overflow (CWE-787) occurs when an attacker sends a specially crafted request with an overly long or malformed 'wl_radio' parameter, causing the router's firmware to overwrite memory on the stack. This can lead to denial of service (DoS) by crashing the device or potentially enable remote code execution (RCE) if exploited with precision, although no known exploits are currently reported in the wild. The CVSS 3.1 base score of 7.5 reflects a network attack vector (AV:N) with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to availability (A:H) with no direct confidentiality or integrity impact reported. The vulnerability affects a specific firmware version of the Tenda W6-S, a consumer-grade Wi-Fi 6 router, which is used in home and small office environments. The absence of vendor or product details beyond the model and firmware version limits the scope of affected devices, but the vulnerability is critical enough to warrant immediate attention due to the potential for service disruption and possible further exploitation if combined with other vulnerabilities or misconfigurations.
Potential Impact
For European organizations, the primary impact of CVE-2022-45499 is the potential disruption of network availability in environments where Tenda W6-S routers are deployed. This could affect small businesses, home offices, or remote workers relying on these devices for internet connectivity and network segmentation. A successful exploit could cause router crashes, leading to loss of internet access and interruption of business operations. Although no direct confidentiality or integrity compromise is indicated, denial of service on network infrastructure can indirectly affect organizational productivity and security monitoring capabilities. Additionally, if attackers develop advanced exploits leveraging this overflow for remote code execution, it could lead to unauthorized control over the router, enabling further lateral movement or persistent access within a network. Given the router's role as a network gateway, such compromise could expose internal network resources to attackers. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as threat actors often weaponize disclosed vulnerabilities over time.
Mitigation Recommendations
1. Immediate firmware update: Organizations and users should check for and apply any firmware updates from Tenda addressing this vulnerability. If no patch is available, consider contacting the vendor for guidance or timelines. 2. Network segmentation: Isolate vulnerable routers from critical network segments to limit potential impact. 3. Access control: Restrict access to the router's management interface to trusted IP addresses or via VPN to reduce exposure to remote attacks. 4. Disable remote management: If enabled, disable remote web management interfaces to prevent external exploitation. 5. Monitor network traffic: Implement IDS/IPS rules to detect anomalous HTTP requests targeting /goform/WifiMacFilterGet or unusual 'wl_radio' parameter usage. 6. Device replacement: For high-risk environments where patching is not feasible, consider replacing affected Tenda W6-S devices with models from vendors with active security support. 7. Incident response readiness: Prepare to respond to potential denial of service incidents affecting network availability, including having backup connectivity options.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-11-21T00:00:00.000Z
- Cisa Enriched
- true
Threat ID: 682d9847c4522896dcbf57e9
Added to database: 5/21/2025, 9:09:27 AM
Last enriched: 6/21/2025, 8:36:48 PM
Last updated: 8/4/2025, 12:55:20 PM
Views: 12
Related Threats
Top Israeli Cybersecurity Director Arrested in US Child Exploitation Sting
HighCVE-2025-8878: CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
MediumCVE-2025-8143: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad
MediumCVE-2025-8142: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad
HighCVE-2025-8105: CWE-94 Improper Control of Generation of Code ('Code Injection') in pencidesign Soledad
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.