Sign-up

ID

VAR-202312-0418


CVE

CVE-2023-49403


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  w30e  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-018793

DESCRIPTION

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. Shenzhen Tenda Technology Co.,Ltd. of w30e An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the setFixTools function to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Trust: 2.16

sources: NVD: CVE-2023-49403 // JVNDB: JVNDB-2023-018793 // CNVD: CNVD-2023-98200

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-98200

AFFECTED PRODUCTS

vendor:tendamodel:w30escope:eqversion:16.01.0.12\(4843\)

Trust: 1.0

vendor:tendamodel:w30escope:eqversion:w30e firmware 16.01.0.12(4843)

Trust: 0.8

vendor:tendamodel:w30escope: - version: -

Trust: 0.8

vendor:tendamodel:w30escope:eqversion: -

Trust: 0.8

vendor:tendamodel:w30escope:eqversion:v16.01.0.12(4843)

Trust: 0.6

sources: CNVD: CNVD-2023-98200 // JVNDB: JVNDB-2023-018793 // NVD: CVE-2023-49403

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-49403
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-49403
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2023-98200
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-98200
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-49403
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-49403
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-98200 // JVNDB: JVNDB-2023-018793 // NVD: CVE-2023-49403

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-018793 // NVD: CVE-2023-49403

EXTERNAL IDS

db:NVDid:CVE-2023-49403

Trust: 3.2

db:JVNDBid:JVNDB-2023-018793

Trust: 0.8

db:CNVDid:CNVD-2023-98200

Trust: 0.6

sources: CNVD: CNVD-2023-98200 // JVNDB: JVNDB-2023-018793 // NVD: CVE-2023-49403

REFERENCES

url:https://github.com/gd008/tenda/blob/main/w30e/tenda_w30e_setfixtools/w30e_setfixtools.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-49403

Trust: 1.4

sources: CNVD: CNVD-2023-98200 // JVNDB: JVNDB-2023-018793 // NVD: CVE-2023-49403

SOURCES

db:CNVDid:CNVD-2023-98200
db:JVNDBid:JVNDB-2023-018793
db:NVDid:CVE-2023-49403

LAST UPDATE DATE

2024-08-14T14:23:43.065000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-98200date:2023-12-18T00:00:00
db:JVNDBid:JVNDB-2023-018793date:2024-01-12T01:18:00
db:NVDid:CVE-2023-49403date:2023-12-09T04:45:02.677

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-98200date:2023-12-15T00:00:00
db:JVNDBid:JVNDB-2023-018793date:2024-01-12T00:00:00
db:NVDid:CVE-2023-49403date:2023-12-07T17:15:07.280