Lucene search

MitreCVE-2023-37716

HistoryJul 14, 2023 - 12:15 a.m.

CVE-2023-37716

2023-07-1400:15:09

CWE-787

mitre

web.nvd.nist.gov

tenda

routers

stack overflow

vulnerability

security

nvd

cve-2023-37716

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.

Affected configurations

Nvd

Node

tendaf1202_firmwareMatch1.2.0.20\(408\)

AND

tendaf1202Match-

Node

tendafh1202_firmwareMatch1.2.0.19_en

AND

tendafh1202Match-

Node

tendaf1202_firmwareMatch1.0br

AND

tendaf1202Match-

Node

tendaac10_firmwareMatch1.0

AND

tendaac10Match-

Node

tendaac1206_firmwareMatch1.0

AND

tendaac1206Match-

Node

tendaac7_firmwareMatch1.0

AND

tendaac7Match-

Node

tendaac5_firmwareMatch1.0

AND

tendaac5Match-

Node

tendaac9_firmwareMatch3.0

AND

tendaac9Match-

VendorProductVersionCPE
tendaf1202_firmware1.2.0.20(408)cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\(408\):*:*:*:*:*:*:*
tendaf1202-cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*
tendafh1202_firmware1.2.0.19_encpe:2.3:o:tenda:fh1202_firmware:1.2.0.19_en:*:*:*:*:*:*:*
tendafh1202-cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*
tendaf1202_firmware1.0brcpe:2.3:o:tenda:f1202_firmware:1.0br:*:*:*:*:*:*:*
tendaac10_firmware1.0cpe:2.3:o:tenda:ac10_firmware:1.0:*:*:*:*:*:*:*
tendaac10-cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
tendaac1206_firmware1.0cpe:2.3:o:tenda:ac1206_firmware:1.0:*:*:*:*:*:*:*
tendaac1206-cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
tendaac7_firmware1.0cpe:2.3:o:tenda:ac7_firmware:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	f1202_firmware	1.2.0.20(408)	cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\(408\):::::::*
tenda	f1202	-	cpe:2.3:h:tenda:f1202:-:::::::*
tenda	fh1202_firmware	1.2.0.19_en	cpe:2.3:o:tenda:fh1202_firmware:1.2.0.19_en:::::::*
tenda	fh1202	-	cpe:2.3:h:tenda:fh1202:-:::::::*
tenda	f1202_firmware	1.0br	cpe:2.3:o:tenda:f1202_firmware:1.0br:::::::*
tenda	ac10_firmware	1.0	cpe:2.3:o:tenda:ac10_firmware:1.0:::::::*
tenda	ac10	-	cpe:2.3:h:tenda:ac10:-:::::::*
tenda	ac1206_firmware	1.0	cpe:2.3:o:tenda:ac1206_firmware:1.0:::::::*
tenda	ac1206	-	cpe:2.3:h:tenda:ac1206:-:::::::*
tenda	ac7_firmware	1.0	cpe:2.3:o:tenda:ac7_firmware:1.0:::::::*

Rows per page:

1-10 of 151

References

github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Related for CVE-2023-37716