CVE-2023-40798

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 25, 2023

Updated: Aug 29, 2023

CWE ID 20

Summary

CVE-2023-40798 is a newly identified vulnerability affecting Tenda AC23 routers running version v16.03.07.45_cn. This issue arises due to the formSetIPv6status and formGetWanParameter functions, which fail to authenticate user input parameters during post-authentication processes. Consequently, an attacker can exploit this flaw to trigger a stack overflow, potentially gaining unauthorized control over the affected device. This vulnerability poses a significant risk to users, making it essential to apply the necessary patches or updates as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Shenzhen Tenda Technology Co. Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sbNL8v
https://www.cve.org/CVERecord?id=CVE-2023-40798
https://nvd.nist.gov/vuln/detail/CVE-2023-40798

Back to Vulnerability Database

CVE-2023-40798

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations