CVE-2023-40893

Summary

CVE-2023-40893 is a recently disclosed stack overflow vulnerability affecting the Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn firmware. This issue can be exploited by maliciously crafted time parameter inputs sent to the /goform/PowerSaveSet endpoint, ultimately leading to unintended stack memory consumption and potential attacker code execution. Successful exploitation of this vulnerability may result in unauthorized access to affected devices or networks, and could potentially enable further attacks on connected systems. Users of the affected Tenda AC8 v4 router model are advised to update their firmware to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.