Lucene search

[email protected]NVD:CVE-2023-37716

HistoryJul 14, 2023 - 12:15 a.m.

CVE-2023-37716

2023-07-1400:15:09

CWE-787

[email protected]

web.nvd.nist.gov

tenda

routers

stack overflow

page parameter

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.0%

JSON

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.

Affected configurations

Nvd

Node

tendaf1202_firmwareMatch1.2.0.20\(408\)

AND

tendaf1202Match-

Node

tendafh1202_firmwareMatch1.2.0.19_en

AND

tendafh1202Match-

Node

tendaf1202_firmwareMatch1.0br

AND

tendaf1202Match-

Node

tendaac10_firmwareMatch1.0

AND

tendaac10Match-

Node

tendaac1206_firmwareMatch1.0

AND

tendaac1206Match-

Node

tendaac7_firmwareMatch1.0

AND

tendaac7Match-

Node

tendaac5_firmwareMatch1.0

AND

tendaac5Match-

Node

tendaac9_firmwareMatch3.0

AND

tendaac9Match-

VendorProductVersionCPE
tendaf1202_firmware1.2.0.20(408)cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\(408\):*:*:*:*:*:*:*
tendaf1202-cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*
tendafh1202_firmware1.2.0.19_encpe:2.3:o:tenda:fh1202_firmware:1.2.0.19_en:*:*:*:*:*:*:*
tendafh1202-cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*
tendaf1202_firmware1.0brcpe:2.3:o:tenda:f1202_firmware:1.0br:*:*:*:*:*:*:*
tendaac10_firmware1.0cpe:2.3:o:tenda:ac10_firmware:1.0:*:*:*:*:*:*:*
tendaac10-cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
tendaac1206_firmware1.0cpe:2.3:o:tenda:ac1206_firmware:1.0:*:*:*:*:*:*:*
tendaac1206-cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
tendaac7_firmware1.0cpe:2.3:o:tenda:ac7_firmware:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	f1202_firmware	1.2.0.20(408)	cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\(408\):::::::*
tenda	f1202	-	cpe:2.3:h:tenda:f1202:-:::::::*
tenda	fh1202_firmware	1.2.0.19_en	cpe:2.3:o:tenda:fh1202_firmware:1.2.0.19_en:::::::*
tenda	fh1202	-	cpe:2.3:h:tenda:fh1202:-:::::::*
tenda	f1202_firmware	1.0br	cpe:2.3:o:tenda:f1202_firmware:1.0br:::::::*
tenda	ac10_firmware	1.0	cpe:2.3:o:tenda:ac10_firmware:1.0:::::::*
tenda	ac10	-	cpe:2.3:h:tenda:ac10:-:::::::*
tenda	ac1206_firmware	1.0	cpe:2.3:o:tenda:ac1206_firmware:1.0:::::::*
tenda	ac1206	-	cpe:2.3:h:tenda:ac1206:-:::::::*
tenda	ac7_firmware	1.0	cpe:2.3:o:tenda:ac7_firmware:1.0:::::::*

Rows per page:

1-10 of 151

References

github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.0%

JSON

Related for NVD:CVE-2023-37716

prion1 cve1 cvelist1