Lucene search

[email protected]NVD:CVE-2023-37711

HistoryJul 10, 2023 - 5:15 p.m.

CVE-2023-37711

2023-07-1017:15:09

CWE-787

[email protected]

web.nvd.nist.gov

tenda ac1206

ac10

stack overflow

deviceid parameter

saveparentcontrolinfo function

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.4%

JSON

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function.

Affected configurations

Nvd

Node

tendaac10_firmwareMatch15.03.06.47

AND

tendaac10Match-

Node

tendaac1206_firmwareMatch15.03.06.23

AND

tendaac1206Match-

VendorProductVersionCPE
tendaac10_firmware15.03.06.47cpe:2.3:o:tenda:ac10_firmware:15.03.06.47:*:*:*:*:*:*:*
tendaac10-cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
tendaac1206_firmware15.03.06.23cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*
tendaac1206-cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	ac10_firmware	15.03.06.47	cpe:2.3:o:tenda:ac10_firmware:15.03.06.47:::::::*
tenda	ac10	-	cpe:2.3:h:tenda:ac10:-:::::::*
tenda	ac1206_firmware	15.03.06.23	cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:::::::*
tenda	ac1206	-	cpe:2.3:h:tenda:ac1206:-:::::::*

References

github.com/FirmRec/IoT-Vulns/tree/main/tenda/saveParentControlInfo

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.4%

JSON

Related for NVD:CVE-2023-37711

prion1 cvelist1 cve1