CVE-2023-41558

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 30, 2023
Updated: Aug 31, 2023
CWE ID 787

Summary

CVE-2023-41558 is a stack overflow vulnerability affecting Tenda AC7 routers running V1.0 V15.03.06.44 firmware. The issue lies in the /goform/SetSysTimeCfg URL, which accepts a parameter named timeZone. An attacker can exploit this vulnerability by sending maliciously crafted timeZone data, causing the stack to overflow and potentially leading to code execution or a denial-of-service condition. This vulnerability poses a significant risk to affected devices and networks, and users should update their firmware as soon as a patch becomes available.
