Lucene search

[email protected]NVD:CVE-2023-23080

HistoryFeb 27, 2023 - 2:15 p.m.

CVE-2023-23080

2023-02-2714:15:10

CWE-77

[email protected]

web.nvd.nist.gov

tenda

command injection

vulnerability

cp7

cp3

it7-pcs

it7-lcs

it7-prs

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908.

Affected configurations

NVD

Node

tendait7-lcsMatch-

AND

tendait7-lcs_firmwareRange≤2209020914

Node

tendait7-pcsMatch-

AND

tendait7-pcs_firmwareRange≤2209020914

Node

tendait7-prsMatch-

AND

tendait7-prs_firmwareRange≤2209020908

Node

tendacp3Match-

AND

tendacp3_firmwareRange≤20220906024_2025

Node

tendacp7Match-

AND

tendacp7_firmwareRange≤1.10.00.2211041403

References

github.com/fxc233/iot-vul/tree/main/Tenda/IPC

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Related for NVD:CVE-2023-23080

cve1 cvelist1 prion1