CVE-2023-38823

Published: Nov 20, 2023Modified: Jun 10, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.

Affected (4)

Products: Tenda: Ac6 Firmware, Ac9 Firmware, Ac19 Firmware, Ac18 Firmware

4 products

Configuration A

1 platform

Running on/with	Platform Versions
Tenda Ac6	Version 2.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac6 Firmware	Version 15.03.05.19(6318)

Running on/with	Platform Versions
Tenda Ac6	Version 1.0

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac9 Firmware	Version 15.03.05.19(6318)

Running on/with	Platform Versions
Tenda Ac9	Version 1.0

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac19 Firmware	Version 15.03.05.19(6318)

Running on/with	Platform Versions
Tenda Ac19	Version 1.0

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac18 Firmware	Version 15.03.05.19(6318)

Running on/with	Platform Versions
Tenda Ac18	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2023-38823/README.md

Source: cve@mitre.org

https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2023-38823/README.md

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.