Arbitrary Device Locking in Tenda RX9 Pro Firmware
CVE-2023-43885
8.1 HIGH
Summary
The HTTP server component of Tenda RX9 Pro firmware V22.03.02.20 lacks adequate error handling. An authenticated attacker can exploit this deficiency to arbitrarily lock the device, disrupting its functionality and denying access to legitimate users. The issue underscores the importance of robust error handling in firmware development to protect against unauthorized control over network devices.
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability reserved