Buffer Overflow Vulnerability in Tenda AC8v4 Router
CVE-2023-48194

9.8CRITICAL

Key Information:

Vendor
Tenda
Status
Ac8v4 Firmware
Vendor
CVE Published:
9 July 2024

Summary

A newly identified vulnerability in the Tenda AC8v4 router arises from improper handling of input via the sscanf function, which causes buffer overflow issues. Specifically, during the execution of set_client_qos, the last digit of an internal variable is erroneously overwritten with a null byte. This exploitation can lead to unauthorized control over the gp register, allowing potential intruders to manipulate router functionality. Users of the Tenda AC8v4 are advised to assess their security measures and seek updates from the vendor.

References

http://tenda.com
https://github.com/zt20xx/CVE-2023-48194
https://www.tenda.com.cn/download/detail-3683.html

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.