Stack Overflow Vulnerability in Tenda Networking Devices
CVE-2023-38934

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Fh1203 Firmware
Vendor: CVE Published:; 7 August 2023

What is CVE-2023-38934?

An issue has been identified in Tenda F1203, FH1203, and FH1205 devices where a stack overflow occurs via the deviceId parameter in the formSetDeviceName function. This vulnerability can potentially allow an attacker to exploit the affected devices, impacting their ability to manage and configure device names securely. Users of these devices should be cautious and look for firmware updates or patches from the vendor.

References

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/form...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Jul 25, 2023