Vulnerability Details CVE-2022-27022
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2022-27022
-
cpe:2.3:h:tenda:ac9:-
-
cpe:2.3:o:tenda:ac9_firmware:15.03.2.21_cn