Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-32033PUBLISHED: 2022-07-01Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer.
CVE-2022-32034PUBLISHED: 2022-07-01Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.
CVE-2022-32035PUBLISHED: 2022-07-01Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.
CVE-2022-32036PUBLISHED: 2022-07-01Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb.
CVE-2022-32037PUBLISHED: 2022-07-01Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg.
User Rank: Apprentice
12/23/2013 | 6:48:16 PM
Of course all of these activities rarely require the full account info. Generally PCI requires truncation to store transactions but Target may have demonstrated a mitigating factor by encrypting all transactions. Thats why its probably an inside job... someone with access to the necessary decryption information.
Another article I read said the cvv codes were not stolen which meant the stolen accounts are not useful for most on-line purchases.
IMO ... regrdless of this article's title, we don't really know what happened yet.