CVE-2023-40896

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 24, 2023
Updated: Aug 29, 2023
CWE ID 787

Summary

CVE-2023-40896 is a newly discovered stack overflow vulnerability affecting the Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn firmware. The issue is located in the "/goform/SetIpMacBind" function, where the "list" and "bindnum" parameters can be manipulated to overflow stack memory. Attackers can potentially exploit this vulnerability to execute arbitrary code, with serious security implications. Users of the affected device are advised to update their firmware as soon as a patch becomes available.
