CVE-2022-25555 in AX1806

Summary

by MITRE • 03/10/2022

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ntpServer parameter.


Analysis

by VulDB Data Team • 03/13/2022

CVE-2022-25555 affects Tenda AX1806 router firmware version 1.0.0.1 and is a critical stack overflow in the fromSetSysTime function. The flaw resides in the router's web interface, where the ntpServer parameter is processed without adequate input validation or bounds checking. The overflow occurs when an attacker supplies an ntpServer value that exceeds the allocated buffer, causing the program to overwrite adjacent memory on the stack. This falls under CWE-121 (Stack-based Buffer Overflow), a well-documented weakness in which fixed-size buffers are populated without first checking the input length.

The operational impact extends beyond simple denial of service, as the overflow gives attackers a mechanism to potentially execute arbitrary code on the affected device. When the stack overflow occurs during processing of the ntpServer parameter, the router becomes unstable and typically crashes or reboots, creating persistent denial of service conditions that can disrupt network connectivity for all connected devices. The vulnerability is particularly concerning because it can be exploited remotely through the web administration interface, requiring no physical access to the device and allowing attackers to target multiple routers simultaneously through automated scanning tools. This aligns with ATT&CK technique T1210 (Exploitation of Remote Services) and represents a significant risk to network infrastructure security.

Mitigation strategies for CVE-2022-25555 should prioritize immediate firmware updates from Tenda to address the underlying buffer overflow condition in the fromSetSysTime function. Network administrators should also implement network segmentation and access control measures to limit exposure of affected devices to untrusted networks, while disabling unnecessary services such as the web interface when not actively required. Additional protective measures include deploying intrusion detection systems that can monitor for anomalous traffic patterns associated with exploitation attempts, and establishing network monitoring procedures to detect device reboots or service disruptions that may indicate successful exploitation. The vulnerability demonstrates the importance of proper input validation and memory management practices in embedded systems, particularly those handling user-provided parameters through web interfaces. Organizations should also conduct regular vulnerability assessments of their network infrastructure to identify similar issues in other router models and embedded devices that may be susceptible to analogous stack overflow conditions.
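The input validation and bounds checking described above, as an added C illustration; it is not Tenda's firmware code and not part of the original entry. The function names, the 64-byte buffer size and the allowed character set are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define NTP_SERVER_MAX 64 /* assumed size; the real firmware buffer size is not on the page */

/* Unchecked pattern (CWE-121), shown for contrast only and never called here:
 * strcpy writes past `server` once the value reaches NTP_SERVER_MAX bytes. */
void set_ntp_server_unchecked(const char *param) {
    char server[NTP_SERVER_MAX];
    strcpy(server, param);
    (void)server;
}

/* Checked pattern: returns 0 and fills `out` on success, -1 on rejection.
 * Over-long values are rejected, never truncated. */
int set_ntp_server_checked(const char *param, char *out, size_t out_len) {
    if (param == NULL || out == NULL || out_len == 0)
        return -1;
    /* Look for the terminator within out_len bytes only. */
    const char *end = memchr(param, '\0', out_len);
    if (end == NULL || end == param)
        return -1; /* too long for the buffer, or empty */
    size_t n = (size_t)(end - param);
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)param[i];
        /* Assumed allow-list: hostname or IP literal characters. */
        if (!(isalnum(c) || c == '.' || c == '-' || c == ':'))
            return -1;
    }
    memcpy(out, param, n + 1); /* n + 1 <= out_len, includes the terminator */
    return 0;
}

int main(void) {
    char server[NTP_SERVER_MAX];
    char oversized[4 * NTP_SERVER_MAX]; /* constructed sample input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("valid:     %d\n", set_ntp_server_checked("time.example.org", server, sizeof server));
    printf("oversized: %d\n", set_ntp_server_checked(oversized, server, sizeof server));
    return 0;
}
```

Rejecting the over-long value outright, rather than truncating it, keeps the stored setting identical to what was validated.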

Reservation: 02/21/2022

Disclosure: 03/10/2022

Moderation: accepted

CPE: ready

EPSS: 0.01219

KEV: no

Activities: very low
