Lucene search

MitreCVE-2023-43885

HistoryNov 07, 2023 - 8:15 a.m.

CVE-2023-43885

2023-11-0708:15:24

CWE-862

mitre

web.nvd.nist.gov

tenda

rx9 pro

firmware

v22.03.02.20

http server

cve-2023-43885

vulnerability

security

nvd

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

15.6%

JSON

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.

Affected configurations

Nvd

Node

tendarx9_proMatch-

AND

tendarx9_pro_firmwareMatch22.03.02.10

VendorProductVersionCPE
tendarx9_pro-cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
tendarx9_pro_firmware22.03.02.10cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	rx9_pro	-	cpe:2.3:h:tenda:rx9_pro:-:::::::*
tenda	rx9_pro_firmware	22.03.02.10	cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.10:::::::*

References

blog.rtlcopymemory.com/tenda-rx9-pro/

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

15.6%

JSON

Related for CVE-2023-43885