Lucene search

MitreCVE-2023-48194

HistoryJul 09, 2024 - 6:15 p.m.

CVE-2023-48194

2024-07-0918:15:08

CWE-787

mitre

web.nvd.nist.gov

vulnerability

tenda ac8v4

sscanf

set_client_qos

control over gp register

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

47.4%

JSON

Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained.

Affected configurations

Nvd

Node

tendaac8v4_firmwareMatch16.03.34.09

AND

tendaac8v4Match-

VendorProductVersionCPE
tendaac8v4_firmware16.03.34.09cpe:2.3:o:tenda:ac8v4_firmware:16.03.34.09:*:*:*:*:*:*:*
tendaac8v4-cpe:2.3:h:tenda:ac8v4:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	ac8v4_firmware	16.03.34.09	cpe:2.3:o:tenda:ac8v4_firmware:16.03.34.09:::::::*
tenda	ac8v4	-	cpe:2.3:h:tenda:ac8v4:-:::::::*

References

tenda.com

github.com/zt20xx/CVE-2023-48194

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

47.4%

JSON

Related for CVE-2023-48194