CVE-2023-37710 — Out-of-bounds Write in Ac10 Firmware

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.2%

top 64.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda Ac10 Firmware Tenda Ac1206 Firmware

Timeline

PublishedJul 10

Description

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDtenda/ac10_firmware15.03.06.47

▶NVDtenda/ac1206_firmware15.03.06.23

🔴Vulnerability Details

CVEList

CVE-2023-37710: Tenda AC1206 V15↗2023-07-10

▶

GHSA

GHSA-6c2m-vp47-m6fq: Tenda AC1206 V15↗2023-07-10

▶