cve-2023-38937
Vulnerability from cvelistv5
Published
2023-08-07 00:00
Modified
2024-10-17 14:40
Severity ?
EPSS score ?
Summary
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md | Exploit, Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:54:39.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac6", "vendor": "tenda", "versions": [ { "status": "affected", "version": "V2.0 V15.03.06.23" } ] }, { "cpes": [ "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac10", "vendor": "tenda", "versions": [ { "status": "affected", "version": "V1.0 V15.03.06.23" } ] }, { "cpes": [ "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac1206", "vendor": "tenda", "versions": [ { "status": "affected", "version": "V15.03.06.23" } ] }, { "cpes": [ "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac8", "vendor": "tenda", "versions": [ { "status": "affected", "version": "v4 V16.03.34.06" } ] }, { "cpes": [ "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac7", "vendor": "tenda", "versions": [ { "status": "affected", "version": "V1.0 V15.03.06.44" } ] }, { "cpes": [ "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac5", "vendor": "tenda", "versions": [ { "status": "affected", "version": "V1.0 V15.03.06.28" } ] }, { "cpes": [ "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac9", "vendor": "tenda", "versions": [ { "status": "affected", "version": "V3.0 V15.03.06.42_multi" } ] }, { "cpes": [ "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ac10", "vendor": "tenda", "versions": [ { "status": "affected", "version": "v4.0 V16.03.10.13" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-38937", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T14:37:17.298133Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-17T14:40:31.909Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-07T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38937", "datePublished": "2023-08-07T00:00:00", "dateReserved": "2023-07-25T00:00:00", "dateUpdated": "2024-10-17T14:40:31.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-38937\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-08-07T19:15:11.413\",\"lastModified\":\"2023-08-10T18:22:01.703\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tenda:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66ED84F0-B0EB-4F55-9AD6-C8B682BAB472\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tenda:ac10:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF790B76-6CAD-483A-95FA-80955643825B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"787A50A1-EDBC-44EB-8CF2-11C4FC63719D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29D5013D-520A-461A-95FF-43B2BE160F91\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C1D64DC-1EDC-4F62-8D22-E1890B71843C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"655619B2-6E8B-4D2E-98E7-028E69597E80\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D82FD30C-AF3C-4E3B-B674-002A5C9ED09D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E382AD7E-1450-40FC-AE9D-698B491805F0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D94B37C-491D-4E7C-8273-F46FEDA62C9F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96503617-6B69-4862-ADFE-4EF379876F0F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F928648-C8B2-4D37-8343-C74AABEFAB07\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D141716B-56F0-4061-9D87-943B7858F2F4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F1C8715-D7B4-4D1A-9E90-079C72049332\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"970AEBF4-2B32-4633-A75B-2D2C598C048D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F482F89-B0F6-450D-B675-43EC0A9E6A4B\"}]}]}],\"references\":[{\"url\":\"https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.