Details of VAR-202401-0657

ID

VAR-202401-0657

CVE

CVE-2023-51952

TITLE

Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02214)

Trust: 0.6

sources: CNVD: CNVD-2024-02214

DESCRIPTION

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. Tenda AX1803 is a dual-band Gigabit WIFI6 router from China's Tenda Company. This vulnerability is caused by the adv.iptv.stbpvid parameter of the formSetIptv method failing to correctly verify the length of the input data. An attacker can use this vulnerability to execute arbitrary code on the system or Lead to denial of service attacks

Trust: 1.44

sources: NVD: CVE-2023-51952 // CNVD: CNVD-2024-02214

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-02214

AFFECTED PRODUCTS

vendor:	tenda	model:	ax1803	scope:	eq	version:	1.0.0.1	Trust: 1.0
vendor:	tenda	model:	ax1803	scope:	eq	version:	v1.0.0.1	Trust: 0.6

sources: CNVD: CNVD-2024-02214 // NVD: CVE-2023-51952

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-51952
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2024-02214
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-02214
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-51952
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-02214 // NVD: CVE-2023-51952

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2023-51952

PATCH

title:

Patch for Tenda AX1803 buffer overflow vulnerability (CNVD-2024-02214)

url:

https://www.cnvd.org.cn/patchInfo/show/516416

Trust: 0.6

sources: CNVD: CNVD-2024-02214

EXTERNAL IDS

db:	NVD	id:	CVE-2023-51952	Trust: 1.6
db:	CNVD	id:	CNVD-2024-02214	Trust: 0.6

sources: CNVD: CNVD-2024-02214 // NVD: CVE-2023-51952

REFERENCES

url:

https://grove-laser-8ad.notion.site/tenda-ax1803-buffer-overflow-in-formsetiptv-d758f5dba8f646afaf5cddc6f8d3ec70

Trust: 1.6

sources: CNVD: CNVD-2024-02214 // NVD: CVE-2023-51952

SOURCES

db:	CNVD	id:	CNVD-2024-02214
db:	NVD	id:	CVE-2023-51952

LAST UPDATE DATE

2024-08-14T14:59:53.940000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-02214	date:	2024-01-15T00:00:00
db:	NVD	id:	CVE-2023-51952	date:	2024-01-13T01:37:13.637

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-02214	date:	2024-01-15T00:00:00
db:	NVD	id:	CVE-2023-51952	date:	2024-01-10T15:15:08.997