CVE-2023-38931

Published: Aug 7, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.

Affected (9)

Products: Tenda: Ac10 Firmware, Ac1206 Firmware, Ac8 Firmware, Ac6 Firmware, Ac7 Firmware, F1203 Firmware, Ac5 Firmware, Fh1203 Firmware

8 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac10 Firmware	Version 15.03.06.23

Running on/with	Platform Versions
Tenda Ac10	Version 1.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac1206 Firmware	Version 15.03.06.23

Running on/with	Platform Versions
Tenda Ac1206	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac8 Firmware	Version 16.03.34.06

Running on/with	Platform Versions
Tenda Ac8	Version 4.0

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac6 Firmware	Version 15.03.06.23

Running on/with	Platform Versions
Tenda Ac6	Version 2.0

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac7 Firmware	Version 15.03.06.44

Running on/with	Platform Versions
Tenda Ac7	Version 1.0

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda F1203 Firmware	Version 2.0.1.6

Running on/with	Platform Versions
Tenda F1203	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac5 Firmware	Version 15.03.06.28

Running on/with	Platform Versions
Tenda Ac5	Version 1.0

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac10 Firmware	Version 16.03.10.13

Running on/with	Platform Versions
Tenda Ac10	Version 4.0

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Fh1203 Firmware	Version 2.0.1.6

Running on/with	Platform Versions
Tenda Fh1203	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.