Details of VAR-202312-1774

ID

VAR-202312-1774

CVE

CVE-2023-51094

TITLE

Tenda M3 TendaTelnet method command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-05742

DESCRIPTION

Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. Tenda M3 is an access control controller produced by China Tenda Company. This vulnerability is caused by the failure of the TendaTelnet method to correctly filter special characters and commands in constructed commands

Trust: 1.44

sources: NVD: CVE-2023-51094 // CNVD: CNVD-2024-05742

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-05742

AFFECTED PRODUCTS

vendor:	tenda	model:	m3	scope:	eq	version:	1.0.0.12\(4856\)	Trust: 1.0
vendor:	tenda	model:	m3	scope:	eq	version:	v1.0.0.12(4856)	Trust: 0.6

sources: CNVD: CNVD-2024-05742 // NVD: CVE-2023-51094

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-51094
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2024-05742
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-05742
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-51094
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-05742 // NVD: CVE-2023-51094

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2023-51094

PATCH

title:

Patch for Tenda M3 TendaTelnet method command execution vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/521201

Trust: 0.6

sources: CNVD: CNVD-2024-05742

EXTERNAL IDS

db:	NVD	id:	CVE-2023-51094	Trust: 1.6
db:	CNVD	id:	CNVD-2024-05742	Trust: 0.6

sources: CNVD: CNVD-2024-05742 // NVD: CVE-2023-51094

REFERENCES

url:

https://github.com/gd008/tenda/blob/main/m3/telnet/m3_telnet.md

Trust: 1.6

sources: CNVD: CNVD-2024-05742 // NVD: CVE-2023-51094

SOURCES

db:	CNVD	id:	CNVD-2024-05742
db:	NVD	id:	CVE-2023-51094

LAST UPDATE DATE

2024-08-14T15:20:46.270000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-05742	date:	2024-01-25T00:00:00
db:	NVD	id:	CVE-2023-51094	date:	2023-12-30T03:19:05.307

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-05742	date:	2024-01-25T00:00:00
db:	NVD	id:	CVE-2023-51094	date:	2023-12-26T18:15:08.267