CVE-2023-41558
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-41558 is a stack overflow vulnerability affecting Tenda AC7 routers running V1.0 V15.03.06.44 firmware. The issue lies in the handling of the /goform/SetSysTimeCfg URL, which takes a parameter named timeZone. An attacker can exploit the vulnerability by sending maliciously crafted timeZone data that overflows the stack, potentially leading to code execution or a denial-of-service condition. The vulnerability poses a significant risk to affected devices and networks, and users should update their firmware as soon as a patch becomes available.
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd