CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-40797
https://notcve.org/view.php?id=CVE-2023-40797
In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. • https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/sub_4781A4 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-2649 – Tenda AC23 Service Port 7329 ate command injection
https://notcve.org/view.php?id=CVE-2023-2649
A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. • https://github.com/xinzhihen06/ac23tenda/blob/main/tendaAC23.md https://vuldb.com/?ctiid.228778 https://vuldb.com/?id.228778 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-0782 – Tenda AC23 httpd formGetSysToolDDNS out-of-bounds write
https://notcve.org/view.php?id=CVE-2023-0782
A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jingping911/tendaAC23overflow/blob/main/README.md https://vuldb.com/?ctiid.220640 https://vuldb.com/?id.220640 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-43102
https://notcve.org/view.php?id=CVE-2022-43102
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. Se descubrió que Tenda AC23 V16.03.07.45_cn contenía un desbordamiento de pila a través del parámetro timeZone en la función fromSetSysTime. • https://github.com/ppcrab/IOT_FIRMWARE/blob/main/Tenda/ac23/ac23.md#fromsetsystimesub_496104strcpychar-v6-s • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-43105
https://notcve.org/view.php?id=CVE-2022-43105
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. Se descubrió que Tenda AC23 V16.03.07.45_cn contenía un desbordamiento de pila a través del parámetro shareSpeed en la función fromSetWifiGusetBasic. • https://github.com/ppcrab/IOT_FIRMWARE/blob/main/Tenda/ac23/ac23.md#fromsetwifigusetbasic • CWE-787: Out-of-bounds Write •