CVE-2023-40801 : The sub_451784 function does not validate the parameters entered by the user, re

The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn

Published 2023-08-25 15:15:09

Updated 2023-08-29 16:12:57

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validation

Products affected by CVE-2023-40801

Tenda » Ac23 » Version: N/A
cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tenda » Ac23 Firmware » Version: 16.03.07.45 Cn

Exploit prediction scoring system (EPSS) score for CVE-2023-40801

EPSS FAQ

0.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 55 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-40801

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-40801

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-40801

https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/sub_451784

Vulnerability/Tenda/AC23/sub_451784 at main · lst-oss/Vulnerability · GitHub
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-40801

Products affected by CVE-2023-40801

Exploit prediction scoring system (EPSS) score for CVE-2023-40801

CVSS scores for CVE-2023-40801

CWE ids for CVE-2023-40801

References for CVE-2023-40801