CVE-2023-40798 — Improper Input Validation in Ac23 Firmware

CWE-20 — Improper Input Validation3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 68.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda Ac23 Firmware
Timeline
PublishedAug 25

Description

In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

â–¶NVDtenda/ac23_firmware16.03.07.45_cn

🔴Vulnerability Details

2
CVEList
CVE-2023-40798: In Tenda AC23 v16↗2023-08-25
â–¶
GHSA
GHSA-mmrw-88mx-92rq: In Tenda AC23 v16↗2023-08-25
â–¶
CVE-2023-40798 — Improper Input Validation in Tenda | cvebase