| عنوان | Tenda AX9 V22.03.01.46 CWE-327 Use of a Broken or Risky Cryptographic Algorithm |
|---|
| الوصف | During the firmware update process, the there is integrity verification vulnerability in function image_check() of program httpd. Cyclic redundancy check(CRC) is used in image_check() to verify the firmware header and firmware image. CRC could be easily bypassed as long as the hackers craft a compromised firmware with the same crc value as the new firmware. Therefore, the firmware integrity verification vulnerability arises which makes the compromised firmware could be written into the IoT device during firmware update and cause arbitrary code execution or denial of service. |
|---|
| المصدر | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AX9_Inte.md |
|---|
| المستخدم | IOT_Res (UID 81722) |
|---|
| ارسال | 05/12/2025 12:36 PM (6 أشهر منذ) |
|---|
| الاعتدال | 13/12/2025 02:55 AM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 336361 [Tenda AX9 22.03.01.46 httpd image_check تشفير ضعيف] |
|---|
| النقاط | 20 |
|---|