Lucene search

[email protected]NVD:CVE-2023-25211

HistoryApr 07, 2023 - 2:15 a.m.

CVE-2023-25211

2023-04-0702:15:07

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-25211

tenda ac5

stack overflow

r7webssecurityhandler

dos

execute arbitrary code

crafted payload

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.5%

JSON

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Affected configurations

NVD

Node

tendaac5_firmwareMatch15.03.06.28

AND

tendaac5Match1.0

References

github.com/DrizzlingSun/Tenda/blob/main/AC5/2/2.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.5%

JSON

Related for NVD:CVE-2023-25211

cvelist1 prion1 cve1