Lucene search

MitreCVE-2023-40800

HistoryAug 25, 2023 - 3:15 p.m.

CVE-2023-40800

2023-08-2515:15:09

CWE-20

mitre

web.nvd.nist.gov

cve-2023-40800

tenda ac23

stack overflow

vulnerability

authentication

user input

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.

Affected configurations

Nvd

Node

tendaac23_firmwareMatch16.03.07.45_cn

AND

tendaac23Match-

VendorProductVersionCPE
tendaac23_firmware16.03.07.45_cncpe:2.3:o:tenda:ac23_firmware:16.03.07.45_cn:*:*:*:*:*:*:*
tendaac23-cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	ac23_firmware	16.03.07.45_cn	cpe:2.3:o:tenda:ac23_firmware:16.03.07.45_cn:::::::*
tenda	ac23	-	cpe:2.3:h:tenda:ac23:-:::::::*

References

github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/compare_parentcontrol_time

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

Related for CVE-2023-40800