CVE-2023-43885

8.1HIGH

Key Information:

Vendor: Tenda
Status: Rx9 Pro Firmware
Vendor: CVE Published:; 7 November 2023

Summary

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.

References

https://blog.rtlcopymemory.com/tenda-rx9-pro/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Sep 25, 2023

Collectors

NVD DatabaseMitre Database