Vulnerabilities > CVE-2023-40901 - Out-of-bounds Write vulnerability in Tenda Ac10V4 Firmware 16.03.10.13

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tenda

CWE-787

critical

NVD

Published: 2023-08-24

Updated: 2023-08-30

Summary

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg.

Vulnerable Configurations

Part	Description	Count
OS	Tenda Tenda Ac10V4 Firmware 16.03.10.13	1
Hardware	Tenda Tenda Ac10V4 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/peris-navince/founded-0-days/blob/main/ac10/fromSetStaticRouteCfg/1.md
https://nvd.nist.gov/vuln/detail/CVE-2023-40901
https://github.com/peris-navince/founded-0-days/blob/main/ac10/formSetMacFilterCfg/1.md