PT-2023-8314 · Tenda · Tenda W9
Gd@Hillstone
·
Published
2023-12-26
·
Updated
2023-12-30
·
CVE-2023-51101
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tenda W9 version 1.0.0.7(4456) CN
Description
The issue is related to a stack overflow vulnerability in the
formSetUplinkInfo function of the Tenda W9 wireless access point's firmware, allowing an attacker to execute arbitrary code remotely by exploiting the buffer overflow in memory.Recommendations
For Tenda W9 version 1.0.0.7(4456) CN, consider disabling the
formSetUplinkInfo function as a temporary workaround until a patch is available.Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda W9