| Название | Tenda AX9 V22.03.01.46 CWE-327 Use of a Broken or Risky Cryptographic Algorithm |
|---|
| Описание | During the firmware update process, the there is integrity verification vulnerability in function image_check() of program httpd. Cyclic redundancy check(CRC) is used in image_check() to verify the firmware header and firmware image. CRC could be easily bypassed as long as the hackers craft a compromised firmware with the same crc value as the new firmware. Therefore, the firmware integrity verification vulnerability arises which makes the compromised firmware could be written into the IoT device during firmware update and cause arbitrary code execution or denial of service. |
|---|
| Источник | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AX9_Inte.md |
|---|
| Пользователь | IOT_Res (UID 81722) |
|---|
| Представление | 05.12.2025 12:36 (6 месяцы назад) |
|---|
| Модерация | 13.12.2025 02:55 (8 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 336361 [Tenda AX9 22.03.01.46 httpd image_check слабое шифрование] |
|---|
| Баллы | 20 |
|---|