CVE-2023-49406

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 7, 2023

Updated: Dec 9, 2023

Summary

CVE-2023-49406 is a newly disclosed vulnerability affecting Tenda W30E routers running version V16.01.0.12(4843). Hackers can exploit this Command Execution flaw, located in the /goform/telnet function, to gain unauthorized access and execute arbitrary system commands. By exploiting this vulnerability, attackers can potentially take full control of the affected device and compromise the underlying network. Users are strongly advised to update their routers to the latest firmware version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Shenzhen Tenda Technology Co. Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tlE1jG
https://www.cve.org/CVERecord?id=CVE-2023-49406
https://nvd.nist.gov/vuln/detail/CVE-2023-49406

Back to Vulnerability Database

CVE-2023-49406

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations