CVE-2023-40837
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 30, 2023
Updated: Sep 1, 2023
CWE ID 78
Summary
CVE-2023-40837 is a command execution vulnerability in the Tenda AC6 firmware US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin. The flaw is in the 'sub_ADD50' function. The 'formSetIptv' function passes the 'list' and 'vlanId' fields to 'sub_ADD50' as parameters without filtering them, which lets attackers execute arbitrary commands on the affected device. This vulnerability poses a significant risk, allowing attackers to gain unauthorized access and control over the targeted network.
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd