CVE-2023-38823

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.

Vulnerabilidad de desbordamiento del búfer en Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 y v.1.0 permite a un atacante remoto ejecutar código arbitrario a través de la función formSetCfm en bin/httpd.

*Credits: N/A

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-07-25 CVE Reserved
2023-11-20 CVE Published
2023-11-28 First Exploit
2024-08-02 CVE Updated
2024-10-20 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (2)

URL	Tag	Source
https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2023-38823/README.md

URL	Date	SRC
https://github.com/nhtri2003gmail/CVE_report/blob/master/CVE-2023-38823.md	2023-11-28

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Tenda Search vendor "Tenda"	Ac6 Firmware Search vendor "Tenda" for product "Ac6 Firmware"	15.03.05.19\(6318\) Search vendor "Tenda" for product "Ac6 Firmware" and version "15.03.05.19\(6318\)"	-	Affected	in	Tenda Search vendor "Tenda"	Ac6 Search vendor "Tenda" for product "Ac6"	2.0 Search vendor "Tenda" for product "Ac6" and version "2.0"	-	Safe
Tenda Search vendor "Tenda"	Ac6 Firmware Search vendor "Tenda" for product "Ac6 Firmware"	15.03.05.19\(6318\) Search vendor "Tenda" for product "Ac6 Firmware" and version "15.03.05.19\(6318\)"	-	Affected	in	Tenda Search vendor "Tenda"	Ac6 Search vendor "Tenda" for product "Ac6"	1.0 Search vendor "Tenda" for product "Ac6" and version "1.0"	-	Safe
Tenda Search vendor "Tenda"	Ac9 Firmware Search vendor "Tenda" for product "Ac9 Firmware"	15.03.05.19\(6318\) Search vendor "Tenda" for product "Ac9 Firmware" and version "15.03.05.19\(6318\)"	-	Affected	in	Tenda Search vendor "Tenda"	Ac9 Search vendor "Tenda" for product "Ac9"	1.0 Search vendor "Tenda" for product "Ac9" and version "1.0"	-	Safe
Tenda Search vendor "Tenda"	Ac19 Firmware Search vendor "Tenda" for product "Ac19 Firmware"	15.03.05.19\(6318\) Search vendor "Tenda" for product "Ac19 Firmware" and version "15.03.05.19\(6318\)"	-	Affected	in	Tenda Search vendor "Tenda"	Ac19 Search vendor "Tenda" for product "Ac19"	1.0 Search vendor "Tenda" for product "Ac19" and version "1.0"	-	Safe
Tenda Search vendor "Tenda"	Ac18 Firmware Search vendor "Tenda" for product "Ac18 Firmware"	15.03.05.19\(6318\) Search vendor "Tenda" for product "Ac18 Firmware" and version "15.03.05.19\(6318\)"	-	Affected	in	Tenda Search vendor "Tenda"	Ac18 Search vendor "Tenda" for product "Ac18"	-	-	Safe