CVE-2023-49425
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Dec 7, 2023
Updated: Dec 9, 2023
CWE ID 787
Summary
CVE-2023-49425 is a stack overflow vulnerability in the Tenda AX12 V22.03.01.46 firmware. The overflow is triggered through the deviceList parameter of the /goform/setMacFilterCfg URL. By sending specially crafted input to this endpoint, an attacker can potentially execute arbitrary code or crash the device, causing a denial-of-service condition. Users should apply the latest security patches to mitigate it.
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd