CVE-2023-37716 - OpenCVE

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Tenda	Ac10 Ac1206 Fh1202 Ac7 Ac5 Firmware Ac5 Ac1206 Firmware Ac9 Firmware Ac9 Fh1202 Firmware Ac7 Firmware Ac10 Firmware F1202 F1202 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\(408\):*:*:*:*:*:*:*

cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tenda:fh1202_firmware:1.2.0.19_en:*:*:*:*:*:*:*

cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tenda:f1202_firmware:1.0br:*:*:*:*:*:*:*

cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:tenda:ac10_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:tenda:ac1206_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:tenda:ac7_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:tenda:ac5_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:tenda:ac9_firmware:3.0:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-14T00:00:00

Updated: 2023-07-14T00:00:00

Reserved: 2023-07-10T00:00:00

Link: CVE-2023-37716

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-14T00:15:09.430

Modified: 2023-07-21T14:33:30.690

Link: CVE-2023-37716

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*", "matchCriteriaId": "25D11FC4-85C7-4F6C-81A2-AF9CB6BE1507", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*", "matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.19_en:*:*:*:*:*:*:*", "matchCriteriaId": "C36B9BA7-B171-453D-951B-23CA2F19111A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A632A11-60A0-457C-A039-BED32F83BD52", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.0br:*:*:*:*:*:*:*", "matchCriteriaId": "83FA7DD8-061F-4893-ADBB-1FD1E6849107", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*", "matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac10_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54F7AF9E-E4EC-4060-B1F4-29A891970DDE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9E0489C-31D5-43C4-B15D-1D88119EF226", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac1206_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF48C35A-8042-4E7B-B672-8904B999E9AE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*", "matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac7_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD539CFA-4D45-4776-9E62-66EB123456BC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3BEE979-5BF3-48ED-AF42-0546D4F896E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac5_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A71BB02-CEFA-4B73-8B24-D4217C261D39", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A74C4FD-76A0-4E7C-94E0-EC293F379DD2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac9_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7D1050F-CA28-4365-8C46-6D6AF7572EAA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FD1430E-DC2E-4042-9389-1FD90ECDBE4D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting."}], "id": "CVE-2023-37716", "lastModified": "2023-07-21T14:33:30.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-14T00:15:09.430", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}