PT-2023-4611 · Tenda · Tenda Ac8
Published
2023-08-24
·
Updated
2023-08-29
·
CVE-2023-40896
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Tenda AC8 version US AC8V4.0si V16.03.34.06 cn
Description
The issue is related to a stack overflow vulnerability via the
parameter list and bindnum at the "/goform/SetIpMacBind" API endpoint. This vulnerability can be exploited by a remote attacker to cause a denial of service or execute arbitrary code.Recommendations
For Tenda AC8 version US AC8V4.0si V16.03.34.06 cn, as a temporary workaround, consider disabling the "/goform/SetIpMacBind" API endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the
parameter list and bindnum variables in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Ac8