Sign-up

ID

VAR-202310-1257


CVE

CVE-2023-46370


DESCRIPTION

Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function

Trust: 0.99

sources: NVD: CVE-2023-46370 // VULMON: CVE-2023-46370

AFFECTED PRODUCTS

vendor:tendamodel:w18escope:eqversion:16.01.0.8\(1576\)

Trust: 1.0

sources: NVD: CVE-2023-46370

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-46370
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2023-46370
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-46370

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

sources: NVD: CVE-2023-46370

EXTERNAL IDS

db:NVDid:CVE-2023-46370

Trust: 1.1

db:VULMONid:CVE-2023-46370

Trust: 0.1

sources: VULMON: CVE-2023-46370 // NVD: CVE-2023-46370

REFERENCES

url:https://github.com/archerber/bug_submit/blob/main/tenda/w18e/bug2.md

Trust: 1.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-46370 // NVD: CVE-2023-46370

SOURCES

db:VULMONid:CVE-2023-46370
db:NVDid:CVE-2023-46370

LAST UPDATE DATE

2024-08-14T15:00:03.192000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-46370date:2023-10-25T00:00:00
db:NVDid:CVE-2023-46370date:2023-11-01T20:05:45.640

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-46370date:2023-10-25T00:00:00
db:NVDid:CVE-2023-46370date:2023-10-25T18:17:37.830