Stack Overflow Vulnerability in Tenda Routers and Access Points
CVE-2023-37716

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: F1202 Firmware
Vendor: CVE Published:; 14 July 2023

What is CVE-2023-37716?

The Tenda routers and access points, including models F1202 and AC series, contain a vulnerability due to a stack overflow in the 'fromNatStaticSetting' function. This flaw arises when processing the page parameter, which could potentially allow an attacker to execute arbitrary code or disrupt service. It is crucial for users of affected devices to apply security patches or updates promptly to mitigate potential risks.

References

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/from...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2023
Vulnerability Reserved
Jul 10, 2023