CVE-2023-40898

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 24, 2023
Updated: Aug 29, 2023
CWE ID 787

Summary

CVE-2023-40898 is a stack overflow vulnerability affecting the Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn firmware. The issue is located in the /goform/SetSysTimeCfg page and can be exploited by sending malicious data through the timeZone parameter. Successful exploitation may lead to a denial-of-service (DoS) attack or potentially more severe consequences, such as unauthorized system access or data theft. The vulnerability poses a significant risk to users and requires an immediate patch or upgrade to mitigate the threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share