CVE-2023-40902

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Aug 24, 2023
Updated: Aug 30, 2023
CWE ID: 787

Summary

CVE-2023-40902 is a stack overflow vulnerability affecting the Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn firmware. The issue arises from a flaw in the /goform/SetIpMacBind function, which can be exploited by sending maliciously crafted parameter lists and bindnum data to the device. A successful attack could result in denial-of-service conditions or potentially more severe consequences, such as remote code execution, if an attacker can inject and execute arbitrary code on the affected system. Users are advised to update their firmware as soon as a secure patch is released to mitigate this risk.
