CVE-2023-39670
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-39670 is a newly identified buffer overflow vulnerability affecting the Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 firmware. The issue arises due to the insecure usage of the function fgets, which leads to an excessive data input. An attacker can exploit this vulnerability by sending maliciously crafted data to the affected device, potentially leading to unintended system behavior or even complete takeover. This poses a significant risk to network security and requires immediate attention from users and manufacturers alike. It is advised to apply the latest available firmware updates to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd