| 제목 | Tenda AX9 V22.03.01.46 CWE-327 Use of a Broken or Risky Cryptographic Algorithm |
|---|
| 설명 | During the firmware update process, the there is integrity verification vulnerability in function image_check() of program httpd. Cyclic redundancy check(CRC) is used in image_check() to verify the firmware header and firmware image. CRC could be easily bypassed as long as the hackers craft a compromised firmware with the same crc value as the new firmware. Therefore, the firmware integrity verification vulnerability arises which makes the compromised firmware could be written into the IoT device during firmware update and cause arbitrary code execution or denial of service. |
|---|
| 원천 | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AX9_Inte.md |
|---|
| 사용자 | IOT_Res (UID 81722) |
|---|
| 제출 | 2025. 12. 05. PM 12:36 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 13. AM 02:55 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 336361 [Tenda AX9 22.03.01.46 httpd image_check 약한 암호화] |
|---|
| 포인트들 | 20 |
|---|