Vulnerabilities > CVE-2023-38938 - Out-of-bounds Write vulnerability in Tenda products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tenda

CWE-787

critical

NVD

Published: 2023-08-07

Updated: 2023-08-09

Summary

Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im.

Vulnerable Configurations

Part	Description	Count
OS	Tenda Tenda F1202 Firmware 1.2.0.9 Tenda Pa202 Firmware 1.1.2.5 Tenda Pw201A Firmware 1.1.2.5 Tenda Fh1202 Firmware 1.2.0.9	4
Hardware	Tenda Tenda F1202 - Tenda Pa202 - Tenda Pw201A - Tenda Fh1202 -	4

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/frmL7ImForm