External risk intelligence

Tenda AC11 Router Code Execution Vulnerability.

CVE advisoryKnown Exploit

CVE-2021-31755

A stack buffer overflow vulnerability in Tenda AC11 devices allows for arbitrary code execution via a crafted network request. This could lead to a compromise of affected systems, posing a business risk. The vulnerability is listed on the CISA Known Exploited Vulnerabilities catalog.

4Halo Surface Signal

Out-of-bounds Write

Tenda Ac11 Firmware

02.03.01.104_cn and earlier

External exposure likelihood

Halo Surface Signal score for CVE-2021-31755

The affected product is a consumer wireless router. Such devices are commonly deployed as internet-facing gateways and edge services, making their administrative interfaces and management services potentially reachable from the public internet in many home and small office environments.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

Tenda AC11 devices are vulnerable due to a flaw in their firmware that allows for remote code execution. This vulnerability stems from a stack buffer overflow in a specific system function. Successful exploitation could enable an attacker to gain control of the device, potentially impacting network security and data integrity.

  • Vulnerable Tenda AC11 firmware
  • Stack buffer overflow flaw
  • Arbitrary code execution capability

Attack Path

How an attacker could exploit the issue

An attacker can exploit a stack buffer overflow vulnerability in Tenda AC11 devices. This vulnerability allows for arbitrary code execution on the system. The attack involves sending a specially crafted POST request to the affected device. This could lead to a compromise of the device and potential network-wide impact.

  • Exposure to the network.
  • Attacker sends a crafted POST request.
  • Arbitrary code execution occurs.

Live Threat

Current exploitation, exposure, and threat context

An issue has been identified on certain Tenda AC11 devices, presenting a significant security risk. Attackers can exploit this vulnerability to execute arbitrary code, potentially leading to compromised systems and data. The affected devices include those with firmware versions up to 02.03.01.104_CN. The exploitation of this vulnerability could have serious implications for affected organizations.

  • Likely attacker skill level: Low
  • Required access or conditions: Network access
  • Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The identified vulnerability presents a significant risk to affected organizations due to its critical severity and the potential for arbitrary code execution. This could allow unauthorized access to systems, leading to data compromise or disruption of services. The vulnerability is actively exploited and is present in specific firmware versions.

  • Identify exposed devices.
  • Isolate affected devices or segment networks.
  • Apply vendor updates and validate.
  • Monitor for related security events.

Frequently asked questions

What is the Tenda AC11 device and its affected firmware?

The Tenda AC11 is a consumer wireless router. Firmware versions up to 02.03.01.104_CN are affected by this vulnerability.

What type of weakness does CVE-2021-31755 represent?

CVE-2021-31755 is a stack buffer overflow vulnerability, categorized as CWE-787. This allows an attacker to overwrite memory buffers, potentially leading to arbitrary code execution.

How can the Tenda AC11 vulnerability be exploited?

An attacker can exploit this vulnerability by sending a specially crafted POST request to the affected device's /goform/setmac interface, triggering the buffer overflow.

What is the significance of CVE-2021-31755 for security?

This vulnerability has a CRITICAL base severity score of 9.8 (CVSS v3.1). It allows for arbitrary code execution and is classified as external, meaning it can be exploited over a network. Halo Surface Signal indicates a 'Likely' exploitation risk due to the common internet-facing nature of such devices.

What are the recommended actions for this vulnerability?

Organizations should identify exposed devices, isolate affected units or segment networks, apply vendor-provided firmware updates, and monitor for related security events.

References

Sources and related resources

Primary sources: NVD, CVE.org, CISA KEV.

NVDPublished Modified