CVE-2023-38931
Last modified
CVE-2023-38931 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.. EPSS estimates a 0.70% chance of exploitation in the next 30 days.
Description
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tenda | Ac10 Firmware | 15.03.06.23 |
| Tenda | Ac1206 Firmware | 15.03.06.23 |
| Tenda | Ac8 Firmware | 16.03.34.06 |
| Tenda | Ac6 Firmware | 15.03.06.23 |
| Tenda | Ac7 Firmware | 15.03.06.44 |
| Tenda | F1203 Firmware | 2.0.1.6 |
| Tenda | Ac5 Firmware | 15.03.06.28 |
| Tenda | Ac10 Firmware | 16.03.10.13 |
| Tenda | Fh1203 Firmware | 2.0.1.6 |
References
- https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.mdExploit, Third Party Advisory
- https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.mdExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-38931?
How severe is CVE-2023-38931?
How do I fix CVE-2023-38931?
Are you affected by CVE-2023-38931?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST