Stack Overflow Vulnerability in Tenda AC8 Router
CVE-2023-33670

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ac8 Firmware
Vendor: CVE Published:; 2 June 2023

Summary

The Tenda AC8 Router version V4.0 (V16.03.34.06) is susceptible to a stack overflow vulnerability due to insufficient validation of the time parameter in the sub_4a79ec function. Exploitation of this vulnerability may lead to potential remote code execution, allowing attackers to manipulate system behavior and gain unauthorized access. Users are advised to implement necessary updates and monitor for suspicious behavior to safeguard their network.

References

https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/...

https://github.com/DDizzzy79/Tenda-CVE/tree/main/AC8V4.0/N3

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2023
Vulnerability Reserved
May 22, 2023