Details of VAR-202310-1075

ID

VAR-202310-1075

CVE

CVE-2023-46369

TITLE

Tenda W18E Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-20280

DESCRIPTION

Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. Tenda W18E is a wireless router from China's Tenda company. The vulnerability is caused by the portMirrorMirroredPorts parameter in the formSetNetCheckTools function failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Trust: 1.53

sources: NVD: CVE-2023-46369 // CNVD: CNVD-2024-20280 // VULMON: CVE-2023-46369

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-20280

AFFECTED PRODUCTS

vendor:	tenda	model:	w18e	scope:	eq	version:	16.01.0.8\(1576\)	Trust: 1.0
vendor:	tenda	model:	w18e	scope:	eq	version:	v16.01.0.8(1576)	Trust: 0.6

sources: CNVD: CNVD-2024-20280 // NVD: CVE-2023-46369

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-46369
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2023-46369
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2024-20280
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-20280
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-46369
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2024-20280 // NVD: CVE-2023-46369 // NVD: CVE-2023-46369

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2023-46369

EXTERNAL IDS

db:	NVD	id:	CVE-2023-46369	Trust: 1.7
db:	CNVD	id:	CNVD-2024-20280	Trust: 0.6
db:	VULMON	id:	CVE-2023-46369	Trust: 0.1

sources: CNVD: CNVD-2024-20280 // VULMON: CVE-2023-46369 // NVD: CVE-2023-46369

REFERENCES

url:	https://github.com/archerber/bug_submit/blob/main/tenda/w18e/bug1.md	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-46369	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2024-20280 // VULMON: CVE-2023-46369 // NVD: CVE-2023-46369

SOURCES

db:	CNVD	id:	CNVD-2024-20280
db:	VULMON	id:	CVE-2023-46369
db:	NVD	id:	CVE-2023-46369

LAST UPDATE DATE

2024-09-12T23:25:11.482000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-20280	date:	2024-04-25T00:00:00
db:	VULMON	id:	CVE-2023-46369	date:	2023-10-25T00:00:00
db:	NVD	id:	CVE-2023-46369	date:	2024-09-11T18:35:12.640

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-20280	date:	2024-04-12T00:00:00
db:	VULMON	id:	CVE-2023-46369	date:	2023-10-25T00:00:00
db:	NVD	id:	CVE-2023-46369	date:	2023-10-25T18:17:37.790