Lucene search

[email protected]CVE-2023-43886

HistoryNov 07, 2023 - 8:15 a.m.

CVE-2023-43886

2023-11-0708:15:24

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-43886

buffer overflow

tenda rx9 pro

http server

authenticated attacker

memory overwrite

nvd

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory.

Affected configurations

NVD

Node

tendarx9_proMatch-

AND

tendarx9_pro_firmwareMatch22.03.02.10

CPENameOperatorVersion
tenda:rx9_pro_firmwaretenda rx9 pro firmwareeq22.03.02.10

CPE	Name	Operator	Version
tenda:rx9_pro_firmware	tenda rx9 pro firmware	eq	22.03.02.10

References

blog.rtlcopymemory.com/tenda-rx9-pro/

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for CVE-2023-43886

prion1 cvelist1 nvd1