Vulnerabilities > CVE-2023-38932 - Out-of-bounds Write vulnerability in Tenda products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tenda

CWE-787

critical

NVD

Published: 2023-08-07

Updated: 2023-08-09

Summary

Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.

Vulnerable Configurations

Part	Description	Count
OS	Tenda Tenda F1202 Firmware 1.2.0.9 Tenda Pa202 Firmware 1.1.2.5 Tenda Pw201A Firmware 1.1.2.5 Tenda Fh1202 Firmware 1.2.0.9	4
Hardware	Tenda Tenda F1202 - Tenda Pa202 - Tenda Pw201A - Tenda Fh1202 -	4

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/formSafeEmailFilter
https://www.netgear.com/about/security/