Stack Overflow Vulnerability in Tenda Routers and IoT Devices
CVE-2023-38933

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ac10 Firmware
Vendor: CVE Published:; 7 August 2023

What is CVE-2023-38933?

Recent findings indicate that several Tenda router and IoT device models are susceptible to a stack overflow vulnerability. The issue arises from improper handling of the deviceId parameter in the formSetClientState function, which could allow attackers to exploit this flaw. Devices affected include the AC6, AC7, and F1203 among others, with specific firmware versions identified. Prompt action is recommended to mitigate risks associated with this vulnerability.

References

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/form...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Jul 25, 2023