Lucene search

[email protected]CVE-2023-27013

HistoryApr 07, 2023 - 2:15 a.m.

CVE-2023-27013

2023-04-0702:15:08

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-27013

tenda

ac10

stack overflow

vulnerability

dos

arbitrary code

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

59.1%

JSON

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Affected configurations

NVD

Node

tendaac10_firmwareMatch16.03.10.13_cn

AND

tendaac10Match4.0

CPENameOperatorVersion
tenda:ac10_firmwaretenda ac10 firmwareeq16.03.10.13_cn

CPE	Name	Operator	Version
tenda:ac10_firmware	tenda ac10 firmware	eq	16.03.10.13_cn

References

github.com/DrizzlingSun/Tenda/blob/main/AC10/2/2.md

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

59.1%

JSON

Related for CVE-2023-27013

prion1 cvelist1 nvd1