Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-38931

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.

Published

2023-08-07T19:15:10.977

Last Modified

2024-11-21T08:14:28.000

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tenda	ac10_firmware	15.03.06.23	Yes
Hardware	tenda	ac10	1.0	No
Operating System	tenda	ac1206_firmware	15.03.06.23	Yes
Hardware	tenda	ac1206	-	No
Operating System	tenda	ac8_firmware	16.03.34.06	Yes
Hardware	tenda	ac8	4.0	No
Operating System	tenda	ac6_firmware	15.03.06.23	Yes
Hardware	tenda	ac6	2.0	No
Operating System	tenda	ac7_firmware	15.03.06.44	Yes
Hardware	tenda	ac7	1.0	No
Operating System	tenda	f1203_firmware	2.0.1.6	Yes
Hardware	tenda	f1203	-	No
Operating System	tenda	ac5_firmware	15.03.06.28	Yes
Hardware	tenda	ac5	1.0	No
Operating System	tenda	ac10_firmware	16.03.10.13	Yes
Hardware	tenda	ac10	4.0	No
Operating System	tenda	fh1203_firmware	2.0.1.6	Yes
Hardware	tenda	fh1203	-	No

References

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md Exploit, Third Party Advisory ([email protected])
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)