CVE-2023-40901 - Vulnerability Details - OpenCVE

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Tenda	Ac10 Ac10v4 Ac10v4 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tenda:ac10v4_firmware:16.03.10.13:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac10v4:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/peris-navince/founded-0-days/blob/main/ac10/formSetMacFilterCfg/1.md
https://github.com/peris-navince/founded-0-days/blob/main/ac10/fromSetStaticRouteCfg/1.md
https://nvd.nist.gov/vuln/detail/CVE-2023-40901

History

Wed, 02 Oct 2024 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda ac10
CPEs		cpe:2.3:h:tenda:ac10:-:::::::*
Vendors & Products		Tenda ac10
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-24T00:00:00

Updated: 2024-10-02T20:46:45.169Z

Reserved: 2023-08-22T00:00:00

Link: CVE-2023-40901

Vulnrichment

Updated: 2024-08-02T18:46:11.214Z

NVD

Status : Modified

Published: 2023-08-24T18:15:08.227

Modified: 2024-11-21T08:20:17.133

Link: CVE-2023-40901

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-40901", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-02T20:46:45.169Z", "dateReserved": "2023-08-22T00:00:00", "datePublished": "2023-08-24T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-30T21:04:29.293392"}, "descriptions": [{"lang": "en", "value": "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/fromSetStaticRouteCfg/1.md"}, {"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/formSetMacFilterCfg/1.md"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40901"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.214Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/fromSetStaticRouteCfg/1.md", "tags": ["x_transferred"]}, {"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/formSetMacFilterCfg/1.md", "tags": ["x_transferred"]}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40901", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "tenda", "product": "ac10", "cpes": ["cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "v4_us_ac10v4.0si_v16.03.10.13_cn", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T20:45:05.774318Z", "id": "CVE-2023-40901", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T20:46:45.169Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/fromSetStaticRouteCfg/1.md", "tags": ["x_transferred"]}, {"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/formSetMacFilterCfg/1.md", "tags": ["x_transferred"]}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40901", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.214Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40901", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-02T20:45:05.774318Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"], "vendor": "tenda", "product": "ac10", "versions": [{"status": "affected", "version": "v4_us_ac10v4.0si_v16.03.10.13_cn"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T20:46:40.696Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/fromSetStaticRouteCfg/1.md"}, {"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/formSetMacFilterCfg/1.md"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40901"}], "descriptions": [{"lang": "en", "value": "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-30T21:04:29.293392"}}}, "cveMetadata": {"cveId": "CVE-2023-40901", "state": "PUBLISHED", "dateUpdated": "2024-10-02T20:46:45.169Z", "dateReserved": "2023-08-22T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-08-24T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac10v4_firmware:16.03.10.13:*:*:*:*:*:*:*", "matchCriteriaId": "C271BB10-1525-45C4-B7D2-C7D303ABE7BB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac10v4:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8B17FBE-ABA4-4AD0-A9E4-58987116A9B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg."}], "id": "CVE-2023-40901", "lastModified": "2024-11-21T08:20:17.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-24T18:15:08.227", "references": [{"source": "cve@mitre.org", "url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/formSetMacFilterCfg/1.md"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/fromSetStaticRouteCfg/1.md"}, {"source": "cve@mitre.org", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40901"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/formSetMacFilterCfg/1.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/fromSetStaticRouteCfg/1.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40901"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}