Stack Overflow Vulnerability in Tenda AC8 Router
CVE-2023-39785

7.5HIGH

Key Information:

Vendor: Tenda
Status: Ac8v4 Firmware
Vendor: CVE Published:; 21 August 2023

Summary

The Tenda AC8 Router, specifically version V16.03.34.06, has been identified with a stack overflow vulnerability. This issue arises from improper handling of user input via the 'list' parameter in the set_qosMib_list function. Successful exploitation of this vulnerability could lead to adverse effects on the router's functionality, potentially exposing network devices to unauthorized access or disruption. Users are encouraged to review security practices and apply necessary updates to mitigate this risk.

References

http://tenda.com

https://github.com/Xunflash/IOT/tree/main/Tenda_AC8_V4/2

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2023
Vulnerability Reserved
Aug 7, 2023