Details of VAR-202308-4145

ID

VAR-202308-4145

CVE

CVE-2023-38931

TITLE

plural Shenzhen Tenda Technology Co.,Ltd. Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2023-021662

DESCRIPTION

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function. AC10 firmware, ac1206 firmware, AC8 firmware etc. Shenzhen Tenda Technology Co.,Ltd. The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-38931 // JVNDB: JVNDB-2023-021662

AFFECTED PRODUCTS

vendor:	tenda	model:	ac5	scope:	eq	version:	15.03.06.28	Trust: 1.0
vendor:	tenda	model:	ac1206	scope:	eq	version:	15.03.06.23	Trust: 1.0
vendor:	tenda	model:	ac10	scope:	eq	version:	16.03.10.13	Trust: 1.0
vendor:	tenda	model:	ac10	scope:	eq	version:	15.03.06.23	Trust: 1.0
vendor:	tenda	model:	ac7	scope:	eq	version:	15.03.06.44	Trust: 1.0
vendor:	tenda	model:	ac6	scope:	eq	version:	15.03.06.23	Trust: 1.0
vendor:	tenda	model:	ac8	scope:	eq	version:	16.03.34.06	Trust: 1.0
vendor:	tenda	model:	f1203	scope:	eq	version:	2.0.1.6	Trust: 1.0
vendor:	tenda	model:	fh1203	scope:	eq	version:	2.0.1.6	Trust: 1.0
vendor:	tenda	model:	ac1206	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac6	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac10	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac5	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	f1203	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac7	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac8	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-021662 // NVD: CVE-2023-38931

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-38931
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2023-38931
value:	CRITICAL
Trust: 0.8

nvd@nist.gov:	CVE-2023-38931
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-38931
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-021662 // NVD: CVE-2023-38931

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-021662 // NVD: CVE-2023-38931

EXTERNAL IDS

db:	NVD	id:	CVE-2023-38931	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-021662	Trust: 0.8

sources: JVNDB: JVNDB-2023-021662 // NVD: CVE-2023-38931

REFERENCES

url:	https://github.com/firmrec/iot-vulns/blob/main/tenda/cloudv2_setaccount/readme.md	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-38931	Trust: 0.8

sources: JVNDB: JVNDB-2023-021662 // NVD: CVE-2023-38931

SOURCES

db:	JVNDB	id:	JVNDB-2023-021662
db:	NVD	id:	CVE-2023-38931

LAST UPDATE DATE

2024-08-14T14:23:50.165000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-021662	date:	2024-01-19T07:51:00
db:	NVD	id:	CVE-2023-38931	date:	2023-08-10T17:17:05.110

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-021662	date:	2024-01-19T00:00:00
db:	NVD	id:	CVE-2023-38931	date:	2023-08-07T19:15:10.977