CVE-2023-40800

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 25, 2023

Updated: Aug 29, 2023

CWE ID 20

Summary

CVE-2023-40800 is a newly disclosed vulnerability affecting Tenda AC23 routers running version 16.03.07.45_cn. The compare_parentcontrol_time function in the software fails to authenticate user input parameters, leading to a post-authentication stack overflow. An attacker could exploit this vulnerability by sending specially crafted data to the router, potentially gaining unauthorized control or causing it to crash. This issue poses a significant risk to users and requires immediate attention and patching.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Shenzhen Tenda Technology Co. Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sbNL8z
https://www.cve.org/CVERecord?id=CVE-2023-40800
https://nvd.nist.gov/vuln/detail/CVE-2023-40800

Back to Vulnerability Database

CVE-2023-40800

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations