Stack Overflow Vulnerability in Tenda Networking Devices
CVE-2023-38938

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: F1202 Firmware
Vendor: CVE Published:; 7 August 2023

What is CVE-2023-38938?

Tenda networking devices, including the F1202, PA202, PW201A, and FH1202, have been identified with a stack overflow vulnerability. This security flaw occurs via the page parameter at the /L7Im endpoint, which could be exploited to cause service disruptions or allow unintended access. Network administrators should prioritize applying patches or adopting mitigations to address this vulnerability in affected products.

References

https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/frmL...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Jul 25, 2023