CVE-2023-41559
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-41559 is a newly disclosed vulnerability affecting specific models of Tenda routers, including the AC7 V1.0 V15.03.06.44, AC9 V3.0 V15.03.06.42_multi, and AC5 V1.0RTL_V15.03.06.28. The issue is a stack overflow in the page parameter of the /goform/NatStaticSetting URL. An attacker can exploit this flaw by sending malicious input to the router, causing a buffer overflow that can lead to crashes or remote code execution. Successful exploitation could result in unauthorized access, data theft, or denial-of-service attacks. Users of the affected Tenda router models are advised to update their firmware as soon as patches become available to mitigate the risk.
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd