Stack Overflow Vulnerability in Tenda AC7 Router
CVE-2023-41555

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ac7 Firmware
Vendor: CVE Published:; 30 August 2023

Summary

The Tenda AC7 router version V1.0 V15.03.06.44 has been identified to have a stack overflow vulnerability that occurs when the 'security_5g' parameter is processed at the endpoint /goform/WifiBasicSet. This flaw could potentially enable an attacker to execute arbitrary code, compromising the integrity and confidentiality of the device and the network it connects to. Users are advised to review their router settings and apply security updates promptly to mitigate risks associated with this vulnerability.

References

https://github.com/peris-navince/founded-0-days/blob/main...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 30, 2023
Vulnerability Reserved
Aug 30, 2023