Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:pa6_firmware:1.0.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "F6091063-6B03-4B7F-B425-B4C37B057A74", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:pa6:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC86310B-B452-4CEF-986C-2BB4CC535A0A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the \"Wireless\" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash."}, {"lang": "es", "value": "El extensor Tenda PA6 Wi-Fi Powerline versi\u00f3n 1.0.1.21, es vulnerable a un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, causado por una comprobaci\u00f3n incorrecta de l\u00edmites mediante la secci\u00f3n \"Wireless\" ??en la Interfaz de Usuario Web. Mediante el env\u00edo de un nombre de host especialmente dise\u00f1ado, un atacante remoto podr\u00eda desbordar un b\u00fafer y ejecutar c\u00f3digo arbitrario en el sistema o causar que la aplicaci\u00f3n se bloquee"}], "id": "CVE-2019-19505", "lastModified": "2024-11-21T04:34:51.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-25T20:15:11.007", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}