Post-Authentication Heap Overflow in Tenda AC23 Router
CVE-2023-40802

6.5MEDIUM

Key Information:

Vendor: Tenda
Status: Ac23 Firmware
Vendor: CVE Published:; 25 August 2023

What is CVE-2023-40802?

The Tenda AC23 router is susceptible to a post-authentication heap overflow vulnerability in the get_parentControl_list_Info function. This flaw arises due to the lack of parameter verification for user inputs, potentially allowing attackers to exploit this oversight. Exploitation could lead to arbitrary code execution or crash the device, thus jeopardizing the security of the router and the network it supports. It is crucial for users to apply necessary patches and updates to mitigate this risk.

References

https://github.com/lst-oss/Vulnerability/tree/main/Tenda/...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2023
Vulnerability Reserved
Aug 22, 2023