CVE-2023-36103

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Sep 10, 2024
CWE ID 77

Summary

CVE-2023-36103 is a command injection vulnerability found in the goform/SetIPTVCfg interface of the Tenda AC15 router (version V15.03.05.20), allowing remote attackers to execute arbitrary commands through specially crafted POST requests. This vulnerability has a high base score of 8.0 and can lead to significant integrity, confidentiality, and availability impacts, with low privileges required for exploitation and no user interaction necessary. Organizations using the affected Tenda AC15 router should implement immediate remediation measures by updating to the latest firmware version provided by the vendor or applying any recommended security patches. If exploited, this vulnerability poses a serious risk as it can allow unauthorized access and control over network devices, potentially affecting overall network security. The attack vector is classified as adjacent network, indicating that an attacker must be on the same local area network to exploit this vulnerability effectively.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share