Stack Overflow Vulnerability in Tenda AC1206 and Related Products
CVE-2023-37712

9.8CRITICAL

Key Information:

Vendor
Tenda
Vendor
CVE Published:
10 July 2023

Summary

A stack overflow vulnerability has been identified in certain Tenda devices, specifically in the fromSetIpBind function. This vulnerability occurs when the page parameter is improperly handled, potentially allowing an attacker to execute arbitrary code or disrupt service functionality. Affected devices include the Tenda AC1206, F1202, and FH1202 models. Users are urged to review their device configurations and implement necessary patches to mitigate potential risks.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.