CVE-2023-49425

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 7, 2023
Updated: Dec 9, 2023
CWE ID 787

Summary

CVE-2023-49425 is a newly discovered vulnerability affecting Tenda AX12 firmware V22.03.01.46. The issue is a stack overflow that can be triggered through the deviceList parameter of the /goform/setMacFilterCfg URL. By sending specially crafted input to this endpoint, an attacker can potentially execute arbitrary code or crash the device, causing a denial-of-service condition. The vulnerability poses a risk to network security, and users need to apply the latest security patches to mitigate it.
