Stack Overflow Vulnerability in Tenda AC8 Router Firmware
CVE-2023-39784

7.5HIGH

Key Information:

Vendor: Tenda
Status: Ac8v4 Firmware
Vendor: CVE Published:; 21 August 2023

Summary

A stack overflow vulnerability has been identified in the Tenda AC8 router firmware version V16.03.34.06. Specifically, it arises from improper handling of the list parameter within the save_virtualser_data function, potentially enabling an attacker to exploit the overflow. This could lead to arbitrary code execution or system crashes. Users of Tenda AC8 routers are urged to review their firmware and implement the latest security patches to mitigate the risk associated with this vulnerability.

References

http://tenda.com

https://github.com/Xunflash/IOT/tree/main/Tenda_AC8_V4

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2023
Vulnerability Reserved
Aug 7, 2023