Vulnerabilities > CVE-2023-38935 - Out-of-bounds Write vulnerability in Tenda products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tenda

CWE-787

critical

NVD

Published: 2023-08-07

Updated: 2023-08-10

Summary

Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.

Vulnerable Configurations

Part	Description	Count
OS	Tenda Tenda Ac1206 Firmware 15.03.06.23 Tenda AC5 Firmware 15.03.06.28 Tenda AC9 Firmware 15.03.06.42_Multi Tenda AC8 Firmware 16.03.34.06 Tenda Ac10 Firmware 16.03.10.13	5
Hardware	Tenda Tenda Ac1206 - Tenda AC5 1.0 Tenda AC9 3.0 Tenda AC8 4.0 Tenda Ac10 4.0	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md