Lucene search

[email protected]NVD:CVE-2023-38937

HistoryAug 07, 2023 - 7:15 p.m.

CVE-2023-38937

2023-08-0719:15:11

CWE-787

[email protected]

web.nvd.nist.gov

tenda

routers

vulnerability

stack overflow

formsetvirtualser

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

37.6%

JSON

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.

Affected configurations

NVD

Node

tendaac10_firmwareMatch15.03.06.23

AND

tendaac10Match1.0

Node

tendaac1206_firmwareMatch15.03.06.23

AND

tendaac1206Match-

Node

tendaac8_firmwareMatch16.03.34.06

AND

tendaac8Match4.0

Node

tendaac6_firmwareMatch15.03.06.23

AND

tendaac6Match2.0

Node

tendaac7_firmwareMatch15.03.06.44

AND

tendaac7Match1.0

Node

tendaac5_firmwareMatch15.03.06.28

AND

tendaac5Match1.0

Node

tendaac10_firmwareMatch16.03.10.13

AND

tendaac10Match4.0

Node

tendaac9_firmwareMatch15.03.06.42_multi

AND

tendaac9Match3.0

References

github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

37.6%

JSON

Related for NVD:CVE-2023-38937

cve1 prion1 cvelist1