CVE-2023-40802
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-40802 is a post-authentication heap overflow vulnerability affecting the Tenda AC23 router running firmware version 16.03.07.45_cn. The issue lies in the get_parentControl_list_Info function, which fails to validate user-supplied input. An attacker can exploit this vulnerability by sending maliciously crafted data to the affected device, corrupting heap memory and potentially gaining control of the system. This weakness could lead to sensitive data theft or unauthorized access to the network. Users are advised to update their Tenda AC23 devices to the latest available firmware to mitigate this risk.
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd