CVE-2023-47455

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md	Exploit Third Party Advisory
https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tenda:ax1806_firmware:1.0.0.1:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ax1806:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-07 15:15

Updated : 2024-11-21 08:30

NVD link : CVE-2023-47455

Mitre link : CVE-2023-47455

CVE.ORG link : CVE-2023-47455

JSON object : View

Products Affected

tenda

ax1806_firmware
ax1806

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-47455", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2023-11-07T15:15:10.870", "references": [{"url": "https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size."}, {"lang": "es", "value": "Tenda AX1806 V1.0.0.1 contiene una vulnerabilidad de desbordamiento de mont\u00f3n en la funci\u00f3n setSchedWifi, en la que src y v12 se obtienen directamente del par\u00e1metro de solicitud http schedStartTime y schedEndTime sin verificar su tama\u00f1o."}], "lastModified": "2024-11-21T08:30:18.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ax1806_firmware:1.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "578F9769-EF24-4B52-83D3-9AA2C91A503D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ax1806:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ACA44369-A513-474F-8DD0-A81B598F5B07"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}