Tenda AC8 formSetDeviceName stack-based overflow
CVE-2023-4744

9.8CRITICAL

Key Information:

Vendor

Tenda
Status
Ac8
Vendor
CVE Published:
4 September 2023

What is CVE-2023-4744?

A vulnerability exists in Tenda AC8 routers, specifically in the function responsible for setting device names. This flaw allows for a stack-based buffer overflow, which can be triggered remotely by an attacker. The exploit, already disclosed to the public, poses significant security risks as it could potentially allow unauthorized access or execution of arbitrary code on the affected devices.

Affected Version(s)

AC8 16.03.34.06_cn_TDC01

References

https://vuldb.com/?id.238633
vdb-entrytechnical-description
https://vuldb.com/?ctiid.238633
signaturepermissions-required
https://github.com/GleamingEyes/vul/blob/main/tenda_ac8/a...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

tianwenqi (VulDB User)
.
CVE-2023-4744 : Tenda AC8 formSetDeviceName stack-based overflow