Lucene search

[email protected]CVE-2023-45481

HistoryNov 29, 2023 - 6:15 a.m.

CVE-2023-45481

2023-11-2906:15:46

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-45481

tenda ac10

stack overflow

firewallen parameter

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.4%

JSON

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg.

Affected configurations

NVD

Node

tendaac10_firmwareMatch16.03.10.13

AND

tendaac10Match4.0

CPENameOperatorVersion
tenda:ac10_firmwaretenda ac10 firmwareeq16.03.10.13

CPE	Name	Operator	Version
tenda:ac10_firmware	tenda ac10 firmware	eq	16.03.10.13

References

github.com/l3m0nade/IOTvul/blob/master/assets/setFirewallCfg_code.png

github.com/l3m0nade/IOTvul/blob/master/SetFirewallCfg.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.4%

JSON

Related for CVE-2023-45481

nvd1 prion1 cvelist1