Vulnerability Description
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | Ac10 Firmware | 15.03.06.23 |
| Tenda | Ac10 | 1.0 |
| Tenda | Ac1206 Firmware | 15.03.06.23 |
| Tenda | Ac1206 | - |
| Tenda | Ac8 Firmware | 16.03.34.06 |
| Tenda | Ac8 | 4.0 |
| Tenda | Ac6 Firmware | 15.03.06.23 |
| Tenda | Ac6 | 2.0 |
| Tenda | Ac7 Firmware | 15.03.06.44 |
| Tenda | Ac7 | 1.0 |
| Tenda | F1203 Firmware | 2.0.1.6 |
| Tenda | F1203 | - |
| Tenda | Ac5 Firmware | 15.03.06.28 |
| Tenda | Ac5 | 1.0 |
| Tenda | Fh1203 Firmware | 2.0.1.6 |
| Tenda | Fh1203 | - |
Related Weaknesses (CWE)
References
- https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.mExploitThird Party Advisory
- https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.mExploitThird Party Advisory
FAQ
What is CVE-2023-38931?
CVE-2023-38931 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 ...
How severe is CVE-2023-38931?
CVE-2023-38931 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-38931?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda Ac10 Firmware, Tenda Ac10, Tenda Ac1206 Firmware, Tenda Ac1206, Tenda Ac8 Firmware.