CVE-2023-40848
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-40848 is a newly disclosed vulnerability affecting the firmware of Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin. The issue lies in the "sub_7D858" function, which is susceptible to a Buffer Overflow attack. An attacker can exploit this vulnerability by sending maliciously crafted data to the affected device, potentially leading to unintended execution of code or system crashes. Successful exploitation could allow an attacker to gain unauthorized access or control over the device, or even spread malware to other connected networks. Users are advised to update their firmware as soon as a patch is available to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd