Stack Overflow Vulnerability in Tenda AC23 Router
CVE-2022-43101

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ac23 Firmware
Vendor: CVE Published:; 3 November 2022

Summary

The Tenda AC23 router’s firmware has a stack overflow vulnerability that can be exploited through the 'devName' parameter in the 'formSetDeviceName' function. An attacker could potentially manipulate the input to execute arbitrary code, thereby compromising the security of the device. This type of vulnerability underscores the importance of securing IoT devices against unauthorized access and manipulation.

References

https://github.com/ppcrab/IOT_FIRMWARE/blob/main/Tenda/ac...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2022
Vulnerability Reserved
Oct 17, 2022