CVE-2023-0782
Tenda AC23 httpd formGetSysToolDDNS out-of-bounds write
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640.
Eine Schwachstelle wurde in Tenda AC23 16.03.07.45 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion formSetSysToolDDNS/formGetSysToolDDNS der Datei /bin/httpd. Mit der Manipulation mit unbekannten Daten kann eine out-of-bounds write-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-02-11 CVE Reserved
- 2023-02-11 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-10-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.220640 | Technical Description |
| URL | Date | SRC |
|---|---|---|
| https://github.com/jingping911/tendaAC23overflow/blob/main/README.md | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tenda Search vendor "Tenda" | Ac23 Firmware Search vendor "Tenda" for product "Ac23 Firmware" | 16.03.07.45 Search vendor "Tenda" for product "Ac23 Firmware" and version "16.03.07.45" | - |
Affected
| in | Tenda Search vendor "Tenda" | Ac23 Search vendor "Tenda" for product "Ac23" | - | - |
Safe
|