Vulnerability Details CVE-2022-40855
Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.288
EPSS Ranking 96.3%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-40855
-
cpe:2.3:h:tenda:w20e:-
-
cpe:2.3:o:tenda:w20e_firmware:15.11.0.6