CVE-2022-45501: n/a in n/a
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.
AI Analysis
Technical Summary
CVE-2022-45501 is a high-severity stack overflow vulnerability identified in the Tenda W6-S router firmware version 1.0.0.4(510). The flaw exists in the handling of the 'wl_radio' parameter within the /goform/wifiSSIDset endpoint. Specifically, the vulnerability arises due to improper bounds checking when processing this parameter, leading to a stack-based buffer overflow (CWE-787). This type of vulnerability can allow an unauthenticated remote attacker to send a specially crafted HTTP request to the affected endpoint, triggering the overflow. The consequence of this overflow is a denial of service (DoS) condition, as indicated by the CVSS vector, which shows no impact on confidentiality or integrity but a high impact on availability. The vulnerability requires no privileges and no user interaction, and it is exploitable remotely over the network (AV:N/AC:L/PR:N/UI:N). Although no public exploits are currently known in the wild, the ease of exploitation combined with the high impact on availability makes this a significant threat to affected devices. The lack of vendor or product details beyond the Tenda W6-S router limits the scope of affected products, but given the nature of consumer and small office routers, the potential for disruption in network availability is considerable. The absence of a patch link suggests that remediation may not yet be publicly available, increasing the urgency for mitigation through other means.
Potential Impact
For European organizations, the primary impact of this vulnerability is the potential for network disruption due to denial of service on affected Tenda W6-S routers. Such routers are commonly used in small office and home office (SOHO) environments, as well as in some small enterprises. A successful exploit could result in loss of internet connectivity, interruption of business operations, and degradation of network-dependent services. While the vulnerability does not directly compromise data confidentiality or integrity, the availability impact could indirectly affect operational continuity, especially for organizations relying on these devices for critical connectivity. Additionally, the vulnerability could be leveraged as part of a larger attack chain, for example, as a stepping stone for lateral movement or to create network instability during targeted attacks. The lack of authentication requirement and ease of remote exploitation increase the risk profile, particularly in environments where these routers are exposed to untrusted networks or the internet. European organizations with distributed or remote workforces using Tenda W6-S devices are particularly at risk. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as exploit development could occur rapidly given the straightforward nature of the vulnerability.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement the following specific mitigations: 1) Immediately identify and inventory all Tenda W6-S routers within the network environment, including those used by remote or home-based employees. 2) Restrict access to the router management interface by implementing network segmentation and firewall rules to block unauthorized inbound traffic to the /goform/wifiSSIDset endpoint, especially from untrusted networks or the internet. 3) Disable remote management features on affected devices if enabled, to reduce exposure. 4) Monitor network traffic for unusual HTTP requests targeting the /goform/wifiSSIDset endpoint or anomalous behavior indicative of exploitation attempts. 5) Where possible, replace affected devices with alternative routers from vendors with active security support and patch availability. 6) Engage with Tenda support channels to obtain information on firmware updates or patches addressing this vulnerability and apply them promptly once available. 7) Educate IT staff and users about the risks associated with this vulnerability and the importance of network hygiene to prevent exploitation. These targeted actions go beyond generic advice by focusing on access control, monitoring, and device management specific to the vulnerability's attack vector.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
CVE-2022-45501: n/a in n/a
Description
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.
AI-Powered Analysis
Technical Analysis
CVE-2022-45501 is a high-severity stack overflow vulnerability identified in the Tenda W6-S router firmware version 1.0.0.4(510). The flaw exists in the handling of the 'wl_radio' parameter within the /goform/wifiSSIDset endpoint. Specifically, the vulnerability arises due to improper bounds checking when processing this parameter, leading to a stack-based buffer overflow (CWE-787). This type of vulnerability can allow an unauthenticated remote attacker to send a specially crafted HTTP request to the affected endpoint, triggering the overflow. The consequence of this overflow is a denial of service (DoS) condition, as indicated by the CVSS vector, which shows no impact on confidentiality or integrity but a high impact on availability. The vulnerability requires no privileges and no user interaction, and it is exploitable remotely over the network (AV:N/AC:L/PR:N/UI:N). Although no public exploits are currently known in the wild, the ease of exploitation combined with the high impact on availability makes this a significant threat to affected devices. The lack of vendor or product details beyond the Tenda W6-S router limits the scope of affected products, but given the nature of consumer and small office routers, the potential for disruption in network availability is considerable. The absence of a patch link suggests that remediation may not yet be publicly available, increasing the urgency for mitigation through other means.
Potential Impact
For European organizations, the primary impact of this vulnerability is the potential for network disruption due to denial of service on affected Tenda W6-S routers. Such routers are commonly used in small office and home office (SOHO) environments, as well as in some small enterprises. A successful exploit could result in loss of internet connectivity, interruption of business operations, and degradation of network-dependent services. While the vulnerability does not directly compromise data confidentiality or integrity, the availability impact could indirectly affect operational continuity, especially for organizations relying on these devices for critical connectivity. Additionally, the vulnerability could be leveraged as part of a larger attack chain, for example, as a stepping stone for lateral movement or to create network instability during targeted attacks. The lack of authentication requirement and ease of remote exploitation increase the risk profile, particularly in environments where these routers are exposed to untrusted networks or the internet. European organizations with distributed or remote workforces using Tenda W6-S devices are particularly at risk. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as exploit development could occur rapidly given the straightforward nature of the vulnerability.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement the following specific mitigations: 1) Immediately identify and inventory all Tenda W6-S routers within the network environment, including those used by remote or home-based employees. 2) Restrict access to the router management interface by implementing network segmentation and firewall rules to block unauthorized inbound traffic to the /goform/wifiSSIDset endpoint, especially from untrusted networks or the internet. 3) Disable remote management features on affected devices if enabled, to reduce exposure. 4) Monitor network traffic for unusual HTTP requests targeting the /goform/wifiSSIDset endpoint or anomalous behavior indicative of exploitation attempts. 5) Where possible, replace affected devices with alternative routers from vendors with active security support and patch availability. 6) Engage with Tenda support channels to obtain information on firmware updates or patches addressing this vulnerability and apply them promptly once available. 7) Educate IT staff and users about the risks associated with this vulnerability and the importance of network hygiene to prevent exploitation. These targeted actions go beyond generic advice by focusing on access control, monitoring, and device management specific to the vulnerability's attack vector.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-11-21T00:00:00.000Z
- Cisa Enriched
- true
Threat ID: 682d9847c4522896dcbf57ed
Added to database: 5/21/2025, 9:09:27 AM
Last enriched: 6/21/2025, 8:23:19 PM
Last updated: 7/30/2025, 5:22:32 PM
Views: 9
Related Threats
CVE-2025-43201: An app may be able to unexpectedly leak a user's credentials in Apple Apple Music Classical for Android
HighCVE-2025-8959: CWE-59: Improper Link Resolution Before File Access (Link Following) in HashiCorp Shared library
HighCVE-2025-44201
LowCVE-2025-36088: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IBM Storage TS4500 Library
MediumCVE-2025-43490: CWE-59 Improper Link Resolution Before File Access ('Link Following') in HP, Inc. HP Hotkey Support Software
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.