CVE-2023-40898
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 24, 2023
Updated: Aug 29, 2023
CWE ID 787
Summary
CVE-2023-40898 is a stack overflow vulnerability affecting the Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn firmware. The issue is located in the /goform/SetSysTimeCfg page and can be exploited by sending malicious data through the timeZone parameter. Successful exploitation may lead to a denial-of-service (DoS) attack or potentially more severe consequences, such as unauthorized system access or data theft. The vulnerability poses a significant risk to users and requires an immediate patch or upgrade to mitigate the threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd