CVE-2023-37716

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md	Exploit Third Party Advisory
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\(408\):*:*:*:*:*:*:*

cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:tenda:fh1202_firmware:1.2.0.19_en:*:*:*:*:*:*:*

cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:tenda:f1202_firmware:1.0br:*:*:*:*:*:*:*

cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:tenda:ac10_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:tenda:ac1206_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:tenda:ac7_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:tenda:ac5_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:tenda:ac9_firmware:3.0:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:12

Type	Values Removed	Values Added
References	~~() https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md - Exploit, Third Party Advisory~~	() https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md - Exploit, Third Party Advisory

21 Jul 2023, 14:33

Type	Values Removed	Values Added
CWE		CWE-787
First Time		Tenda f1202 Tenda ac1206 Tenda ac7 Firmware Tenda ac9 Tenda Tenda ac1206 Firmware Tenda ac9 Firmware Tenda ac5 Firmware Tenda ac7 Tenda f1202 Firmware Tenda ac5 Tenda ac10 Firmware Tenda fh1202 Firmware Tenda ac10 Tenda fh1202
References	~~(MISC) https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md -~~	(MISC) https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:o:tenda:fh1202_firmware:1.2.0.19_en:::::::* cpe:2.3:h:tenda:fh1202:-:::::::* cpe:2.3:h:tenda:ac10:-:::::::* cpe:2.3:o:tenda:ac10_firmware:1.0:::::::* cpe:2.3:o:tenda:ac1206_firmware:1.0:::::::* cpe:2.3:o:tenda:ac9_firmware:3.0:::::::* cpe:2.3:h:tenda:ac9:-:::::::* cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\(408\):::::::* cpe:2.3:o:tenda:ac5_firmware:1.0:::::::* cpe:2.3:h:tenda:ac1206:-:::::::* cpe:2.3:h:tenda:ac7:-:::::::* cpe:2.3:h:tenda:f1202:-:::::::* cpe:2.3:o:tenda:f1202_firmware:1.0br:::::::* cpe:2.3:h:tenda:ac5:-:::::::* cpe:2.3:o:tenda:ac7_firmware:1.0:::::::*

14 Jul 2023, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-14 00:15

Updated : 2024-11-21 08:12

NVD link : CVE-2023-37716

Mitre link : CVE-2023-37716

CVE.ORG link : CVE-2023-37716

JSON object : View

Products Affected

tenda

ac9_firmware
ac9
ac1206
ac7_firmware
ac7
ac10
ac5
fh1202_firmware
ac1206_firmware
ac5_firmware
f1202
fh1202
ac10_firmware
f1202_firmware

CWE

CWE-787

Out-of-bounds Write

9.8 /10