Stack Overflow Vulnerability in Tenda Networking Products
CVE-2023-37719

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: F1202 Firmware
Vendor: CVE Published:; 14 July 2023

Summary

The Tenda F1202 and FH1202 models exhibit a stack overflow vulnerability caused by inadequate handling of the page parameter within the fromP2pListFilter function. This flaw could potentially allow attackers to execute arbitrary code, compromising the integrity and availability of the device. Users are strongly advised to mitigate this risk by following best security practices and applying any available patches.

References

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/from...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2023
Vulnerability Reserved
Jul 10, 2023