CVE-2023-40800
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 25, 2023
Updated: Aug 29, 2023
CWE ID 20
Summary
CVE-2023-40800 is a newly disclosed vulnerability affecting Tenda AC23 routers running version 16.03.07.45_cn. The compare_parentcontrol_time function in the software fails to authenticate user input parameters, leading to a post-authentication stack overflow. An attacker could exploit this vulnerability by sending specially crafted data to the router, potentially gaining unauthorized control or causing it to crash. This issue poses a significant risk to users and requires immediate attention and patching.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd