| Title | Tenda AX9 V22.03.01.46 CWE-327 Use of a Broken or Risky Cryptographic Algorithm |
|---|
| Description | During the firmware update process, the there is integrity verification vulnerability in function image_check() of program httpd. Cyclic redundancy check(CRC) is used in image_check() to verify the firmware header and firmware image. CRC could be easily bypassed as long as the hackers craft a compromised firmware with the same crc value as the new firmware. Therefore, the firmware integrity verification vulnerability arises which makes the compromised firmware could be written into the IoT device during firmware update and cause arbitrary code execution or denial of service. |
|---|
| Source | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AX9_Inte.md |
|---|
| User | IOT_Res (UID 81722) |
|---|
| Submission | 12/05/2025 12:36 (6 months ago) |
|---|
| Moderation | 12/13/2025 02:55 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 336361 [Tenda AX9 22.03.01.46 httpd image_check weak hash] |
|---|
| Points | 20 |
|---|