CVE-2023-47455

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tenda:ax1806_firmware:1.0.0.1:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ax1806:-:*:*:*:*:*:*:*

History

28 Oct 2024, 20:35

Type	Values Removed	Values Added
CWE	~~CWE-122~~

05 Sep 2024, 14:35

Type	Values Removed	Values Added
CWE		CWE-122

14 Nov 2023, 19:42

Type	Values Removed	Values Added
References	~~() https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md -~~	() https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
CWE		CWE-787
First Time		Tenda ax1806 Tenda Tenda ax1806 Firmware
CPE		cpe:2.3:h:tenda:ax1806:-:::::::* cpe:2.3:o:tenda:ax1806_firmware:1.0.0.1:::::::*

07 Nov 2023, 15:47

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-07 15:15

Updated : 2024-10-28 20:35

NVD link : CVE-2023-47455

Mitre link : CVE-2023-47455

CVE.ORG link : CVE-2023-47455

JSON object : View

Products Affected

tenda

ax1806_firmware
ax1806

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-47455", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2023-11-07T15:15:10.870", "references": [{"url": "https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size."}, {"lang": "es", "value": "Tenda AX1806 V1.0.0.1 contiene una vulnerabilidad de desbordamiento de mont\u00f3n en la funci\u00f3n setSchedWifi, en la que src y v12 se obtienen directamente del par\u00e1metro de solicitud http schedStartTime y schedEndTime sin verificar su tama\u00f1o."}], "lastModified": "2024-10-28T20:35:07.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ax1806_firmware:1.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "578F9769-EF24-4B52-83D3-9AA2C91A503D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ax1806:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ACA44369-A513-474F-8DD0-A81B598F5B07"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}