CVE-2023-41556
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-41556 is a stack overflow vulnerability affecting Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 routers. The flaw is located in the /goform/SetIpMacBind URL and can be exploited by sending maliciously crafted parameter lists, causing the stack to overflow and potentially leading to arbitrary code execution or denial of service conditions. Successful exploitation of this weakness could allow attackers to gain unauthorized access to the affected devices or disrupt their functionality. Users are advised to update their firmware as soon as patches become available to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd