Lucene search

[email protected]NVD:CVE-2023-43885

HistoryNov 07, 2023 - 8:15 a.m.

CVE-2023-43885

2023-11-0708:15:24

CWE-862

[email protected]

web.nvd.nist.gov

http server

tenda rx9 pro

firmware

authenticated attackers

device locking

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

15.6%

JSON

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.

Affected configurations

Nvd

Node

tendarx9_proMatch-

AND

tendarx9_pro_firmwareMatch22.03.02.10

VendorProductVersionCPE
tendarx9_pro-cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
tendarx9_pro_firmware22.03.02.10cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	rx9_pro	-	cpe:2.3:h:tenda:rx9_pro:-:::::::*
tenda	rx9_pro_firmware	22.03.02.10	cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.10:::::::*

References

blog.rtlcopymemory.com/tenda-rx9-pro/

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

15.6%

JSON

Related for NVD:CVE-2023-43885

cve1 cvelist1 prion1 vulnrichment1