CVE-2023-47455

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md	Exploit Third Party Advisory
https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tenda:ax1806_firmware:1.0.0.1:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ax1806:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:30

Type	Values Removed	Values Added
References	~~() https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md - Exploit, Third Party Advisory~~	() https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md - Exploit, Third Party Advisory

28 Oct 2024, 20:35

Type	Values Removed	Values Added
CWE	~~CWE-122~~

05 Sep 2024, 14:35

Type	Values Removed	Values Added
CWE		CWE-122

14 Nov 2023, 19:42

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
References	~~() https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md -~~	() https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md - Exploit, Third Party Advisory
CPE		cpe:2.3:h:tenda:ax1806:-:::::::* cpe:2.3:o:tenda:ax1806_firmware:1.0.0.1:::::::*
First Time		Tenda Tenda ax1806 Firmware Tenda ax1806
CWE		CWE-787

07 Nov 2023, 15:47

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-07 15:15

Updated : 2024-11-21 08:30

NVD link : CVE-2023-47455

Mitre link : CVE-2023-47455

CVE.ORG link : CVE-2023-47455

JSON object : View

Products Affected

tenda

ax1806_firmware
ax1806

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-47455", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2023-11-07T15:15:10.870", "references": [{"url": "https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size."}, {"lang": "es", "value": "Tenda AX1806 V1.0.0.1 contiene una vulnerabilidad de desbordamiento de mont\u00f3n en la funci\u00f3n setSchedWifi, en la que src y v12 se obtienen directamente del par\u00e1metro de solicitud http schedStartTime y schedEndTime sin verificar su tama\u00f1o."}], "lastModified": "2024-11-21T08:30:18.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ax1806_firmware:1.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "578F9769-EF24-4B52-83D3-9AA2C91A503D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ax1806:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ACA44369-A513-474F-8DD0-A81B598F5B07"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}