CVE-2023-41556

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Aug 30, 2023
Updated: Aug 31, 2023
CWE ID: 787

Summary

CVE-2023-41556 is a stack overflow vulnerability affecting Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 routers. The flaw is reached through the /goform/SetIpMacBind URL and can be exploited by sending maliciously crafted parameter lists, which overflow the stack and can lead to arbitrary code execution or a denial-of-service condition. Successful exploitation could allow attackers to gain unauthorized access to the affected devices or disrupt their functionality. Users are advised to update their firmware as soon as patches become available to mitigate this risk.
