CVE-2023-38937 | SynScan

Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2023-38937

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.

Published: Aug 7, 2023
Updated: Aug 11, 2023
CVE: CVE-2023-38937
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
tenda / ac10_firmware	15.03.06.23	15.03.06.23.x
tenda / ac1206_firmware	15.03.06.23	15.03.06.23.x
tenda / ac8_firmware	16.03.34.06	16.03.34.06.x
tenda / ac6_firmware	15.03.06.23	15.03.06.23.x
tenda / ac7_firmware	15.03.06.44	15.03.06.44.x
tenda / ac5_firmware	15.03.06.28	15.03.06.28.x
tenda / ac10_firmware	16.03.10.13	16.03.10.13.x
tenda / ac9_firmware	15.03.06.42_multi	15.03.06.42_multi.x

https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md