Stack Overflow Vulnerability in Tenda AC6 Routers
CVE-2023-26976

7.5HIGH

Key Information:

Vendor: Tenda
Status: Ac6 Firmware
Vendor: CVE Published:; 4 April 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A stack overflow vulnerability exists in Tenda AC6 routers due to improper handling of the ssid parameter within the form_fast_setting_wifi_set function. This flaw could allow an attacker to exploit the vulnerable components of the router, potentially leading to unauthorized access and the execution of arbitrary code. Users are urged to check their firmware and apply any available patches to mitigate the risk posed by this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-26976_tenda_AC6_stack_overflow
Created by FzBacon

References

https://github.com/Funcy33/Vluninfo_Repo/tree/main/CNVDs/...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Apr 11, 2023
👾
Exploit known to exist
Apr 11, 2023
Vulnerability published
Apr 4, 2023
Vulnerability Reserved
Feb 27, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)