CVE-2023-40896
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 24, 2023
Updated: Aug 29, 2023
CWE ID 787
Summary
CVE-2023-40896 is a newly discovered stack overflow vulnerability affecting the Tenda AC8 v4 firmware US_AC8V4.0si_V16.03.34.06_cn. The issue is located in the "/goform/SetIpMacBind" function, where the parameters "list" and "bindnum" can be manipulated to overflow stack memory. Attackers can potentially exploit this vulnerability to execute arbitrary code, leading to serious security implications. Users of the affected device are advised to update their firmware as soon as a patch becomes available.
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd