PT-2023-26693 · Tenda · Tenda Fh1202
Published
2023-08-07
·
Updated
2023-08-09
·
CVE-2023-38932
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tenda F1202 version 1.2.0.9
PA202 version 1.1.2.5
PW201A version 1.1.2.5
FH1202 version 1.2.0.9
Description
The issue is related to a stack overflow that occurs via the
page parameter in the SafeEmailFilter function. This allows for potential exploitation.Recommendations
For Tenda F1202 version 1.2.0.9, consider disabling the
SafeEmailFilter function until a patch is available.
For PA202 version 1.1.2.5, restrict access to the page parameter in the affected API endpoint until the issue is resolved.
For PW201A version 1.1.2.5, avoid using the page parameter in the SafeEmailFilter function until a fix is provided.
For FH1202 version 1.2.0.9, as a temporary workaround, consider restricting the use of the SafeEmailFilter function until an update is available.Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Fh1202