CVE-2023-0782

CVSS V2 None CVSS V3 None
Description
A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640.
Overview
  • CVE ID
  • CVE-2023-0782
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-11T18:15:11
  • Last Modified Date
  • 2023-02-22T16:44:47
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:tenda:ac23_firmware:16.03.07.45:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://github.com/jingping911/tendaAC23overflow/blob/main/README.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.220640 Permissions Required Third Party Advisory
https://vuldb.com/?id.220640 Third Party Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 07:31:58 Added to TrackCVE
2023-04-17 07:32:00 Weakness Enumeration new
2023-04-17 08:16:13 CVSS V3 information new
2023-04-17 08:16:13 CVSS V2 information new