CVE-2022-40855 Information

Description

Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request ‘goform/setPortMapping/’. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer portMappingProtocol portMappingWan porMappingtInternal and portMappingExternal parameters.

Reference

https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/formSetPortMapping.md