ID

VAR-202401-0357


CVE

CVE-2023-51959


TITLE

Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02209)

Trust: 0.6

sources: CNVD: CNVD-2024-02209

DESCRIPTION

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stbpvid parameter of the formGetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or Lead to denial of service attacks

Trust: 1.44

sources: NVD: CVE-2023-51959 // CNVD: CNVD-2024-02209

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-02209

AFFECTED PRODUCTS

vendor:tendamodel:ax1803scope:eqversion:1.0.0.1

Trust: 1.0

vendor:tendamodel:ax1803scope:eqversion:v1.0.0.1

Trust: 0.6

sources: CNVD: CNVD-2024-02209 // NVD: CVE-2023-51959

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-51959
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2024-02209
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-02209
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-51959
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-02209 // NVD: CVE-2023-51959

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2023-51959

PATCH

title:Patch for Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02209)url:https://www.cnvd.org.cn/patchInfo/show/516441

Trust: 0.6

sources: CNVD: CNVD-2024-02209

EXTERNAL IDS

db:NVDid:CVE-2023-51959

Trust: 1.6

db:CNVDid:CNVD-2024-02209

Trust: 0.6

sources: CNVD: CNVD-2024-02209 // NVD: CVE-2023-51959

REFERENCES

url:https://grove-laser-8ad.notion.site/tenda-ax1803-buffer-overflow-in-formgetiptv-0fcc584fcda44b1c837e42d5d732957a

Trust: 1.6

sources: CNVD: CNVD-2024-02209 // NVD: CVE-2023-51959

SOURCES

db:CNVDid:CNVD-2024-02209
db:NVDid:CVE-2023-51959

LAST UPDATE DATE

2024-08-14T15:20:45.115000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-02209date:2024-01-15T00:00:00
db:NVDid:CVE-2023-51959date:2024-01-13T01:36:56.537

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-02209date:2024-01-15T00:00:00
db:NVDid:CVE-2023-51959date:2024-01-10T15:15:09.347