| शीर्षक | Tenda AX9 V22.03.01.46 CWE-327 Use of a Broken or Risky Cryptographic Algorithm |
|---|
| विवरण | During the firmware update process, the there is integrity verification vulnerability in function image_check() of program httpd. Cyclic redundancy check(CRC) is used in image_check() to verify the firmware header and firmware image. CRC could be easily bypassed as long as the hackers craft a compromised firmware with the same crc value as the new firmware. Therefore, the firmware integrity verification vulnerability arises which makes the compromised firmware could be written into the IoT device during firmware update and cause arbitrary code execution or denial of service. |
|---|
| स्रोत | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AX9_Inte.md |
|---|
| उपयोगकर्ता | IOT_Res (UID 81722) |
|---|
| सबमिशन | 05/12/2025 12:36 PM (6 महीनों पहले) |
|---|
| संयम | 13/12/2025 02:55 AM (8 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 336361 [Tenda AX9 22.03.01.46 httpd image_check कमजोर एन्क्रिप्शन] |
|---|
| अंक | 20 |
|---|