Buffer Overflow Vulnerability in Tenda AC18 Router
CVE-2023-24169

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ac18 Firmware
Vendor: CVE Published:; 26 January 2023

Summary

The Tenda AC18 router version V15.03.05.19 has a vulnerability that allows for a buffer overflow through the /goform/FUN_0007343c endpoint. This flaw can potentially allow an attacker to execute arbitrary code, leading to unauthorized access and control over the device. Users are advised to review their router configurations and apply any necessary patches to mitigate this risk. Further details can be found in the associated documentation.

References

https://github.com/DrizzlingSun/Tenda/blob/main/AC18/6/6.md

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Jan 23, 2023