CVE-2023-38935

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ac1206 Firmware
Vendor: CVE Published:; 7 August 2023

Summary

Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.

References

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/form...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Jul 25, 2023

Collectors

NVD DatabaseMitre Database