Lucene search

[email protected]NVD:CVE-2023-38931

HistoryAug 07, 2023 - 7:15 p.m.

CVE-2023-38931

2023-08-0719:15:10

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-38931

tenda

routers

stack overflow

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.0%

JSON

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.

Affected configurations

Nvd

Node

tendaac10_firmwareMatch15.03.06.23

AND

tendaac10Match1.0

Node

tendaac1206_firmwareMatch15.03.06.23

AND

tendaac1206Match-

Node

tendaac8_firmwareMatch16.03.34.06

AND

tendaac8Match4.0

Node

tendaac6_firmwareMatch15.03.06.23

AND

tendaac6Match2.0

Node

tendaac7_firmwareMatch15.03.06.44

AND

tendaac7Match1.0

Node

tendaf1203_firmwareMatch2.0.1.6

AND

tendaf1203Match-

Node

tendaac5_firmwareMatch15.03.06.28

AND

tendaac5Match1.0

Node

tendaac10_firmwareMatch16.03.10.13

AND

tendaac10Match4.0

Node

tendafh1203_firmwareMatch2.0.1.6

AND

tendafh1203Match-

VendorProductVersionCPE
tendaac10_firmware15.03.06.23cpe:2.3:o:tenda:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*
tendaac101.0cpe:2.3:h:tenda:ac10:1.0:*:*:*:*:*:*:*
tendaac1206_firmware15.03.06.23cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*
tendaac1206-cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
tendaac8_firmware16.03.34.06cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*
tendaac84.0cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*
tendaac6_firmware15.03.06.23cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*
tendaac62.0cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*
tendaac7_firmware15.03.06.44cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*
tendaac71.0cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	ac10_firmware	15.03.06.23	cpe:2.3:o:tenda:ac10_firmware:15.03.06.23:::::::*
tenda	ac10	1.0	cpe:2.3:h:tenda:ac10:1.0:::::::*
tenda	ac1206_firmware	15.03.06.23	cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:::::::*
tenda	ac1206	-	cpe:2.3:h:tenda:ac1206:-:::::::*
tenda	ac8_firmware	16.03.34.06	cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:::::::*
tenda	ac8	4.0	cpe:2.3:h:tenda:ac8:4.0:::::::*
tenda	ac6_firmware	15.03.06.23	cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:::::::*
tenda	ac6	2.0	cpe:2.3:h:tenda:ac6:2.0:::::::*
tenda	ac7_firmware	15.03.06.44	cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:::::::*
tenda	ac7	1.0	cpe:2.3:h:tenda:ac7:1.0:::::::*

Rows per page:

1-10 of 181

References

github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.0%

JSON

Related for NVD:CVE-2023-38931

cve1 prion1 cvelist1