Lucene search

MitreCVE-2023-40798

HistoryAug 25, 2023 - 4:15 p.m.

CVE-2023-40798

2023-08-2516:15:08

CWE-20

mitre

web.nvd.nist.gov

cve-2023-40798

tenda

ac23

authentication bypass

stack overflow

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.

Affected configurations

Nvd

Node

tendaac23_firmwareMatch16.03.07.45_cn

AND

tendaac23Match-

VendorProductVersionCPE
tendaac23_firmware16.03.07.45_cncpe:2.3:o:tenda:ac23_firmware:16.03.07.45_cn:*:*:*:*:*:*:*
tendaac23-cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	ac23_firmware	16.03.07.45_cn	cpe:2.3:o:tenda:ac23_firmware:16.03.07.45_cn:::::::*
tenda	ac23	-	cpe:2.3:h:tenda:ac23:-:::::::*

References

github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/formSetIPv6status-formGetWanParameter

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

Related for CVE-2023-40798