Stack Overflow Vulnerability in Tenda AC21 Router Firmware
CVE-2023-24333

8.8 HIGH

Key Information:

Vendor
CVE Published: 21 February 2024

What is CVE-2023-24333?

A stack overflow vulnerability has been identified in the Tenda AC21 router, specifically in firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01. An attacker can trigger it by sending specially crafted POST requests to the /goform/openSchedWifi endpoint. Successful exploitation can lead to unauthorized execution of arbitrary commands on the affected router, potentially compromising the integrity and security of the entire network. Users are urged to implement immediate mitigation steps to safeguard against potential attacks and protect sensitive data.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
