CVE-2023-40797 — Improper Input Validation in Ac23 Firmware

CWE-20 — Improper Input Validation3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 68.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda Ac23 Firmware
Timeline
PublishedAug 25

Description

In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

â–¶NVDtenda/ac23_firmware16.03.07.45_cn

🔴Vulnerability Details

2
GHSA
GHSA-38rw-jgwg-5764: In Tenda AC23 v16↗2023-08-25
â–¶
CVEList
CVE-2023-40797: In Tenda AC23 v16↗2023-08-25
â–¶
CVE-2023-40797 — Improper Input Validation in Tenda | cvebase