PT-2023-27691 · Tenda · Tenda Ac8
Publicado
2023-08-24
·
Atualizado
2023-08-29
·
CVE-2023-40898
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tenda AC8 version US AC8V4.0si V16.03.34.06 cn
Description
A stack overflow issue was discovered via the
timeZone parameter at the "/goform/SetSysTimeCfg" API endpoint. This issue affects the Tenda AC8 router.Recommendations
For Tenda AC8 version US AC8V4.0si V16.03.34.06 cn, as a temporary workaround, consider restricting access to the "/goform/SetSysTimeCfg" API endpoint to minimize the risk of exploitation. Avoid using the
timeZone parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tenda Ac8