CVE-2023-23080

CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

4.6%

top 10.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda CP3 Firmware Tenda CP7 Firmware Tenda It7-lcs Firmware +2 more

Timeline

PublishedFeb 27

Description

Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶NVDtenda/cp3_firmware20220906024_2025

▶NVDtenda/cp7_firmware1.10.00.2211041403

▶NVDtenda/it7-lcs_firmware2209020914

▶NVDtenda/it7-pcs_firmware2209020914

▶NVDtenda/it7-prs_firmware2209020908

🔴Vulnerability Details

CVEList

CVE-2023-23080: Certain Tenda products are vulnerable to command injection↗2023-02-27

▶

GHSA

GHSA-36v3-rxv6-r759: Certain Tenda products are vulnerable to command injection↗2023-02-27

▶