ID

VAR-202401-2496


CVE

CVE-2023-51962


TITLE

Tenda AX1803 setIptvInfo method iptv.stb.mode parameter buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-20306

DESCRIPTION

Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from the Chinese vendor Tenda. Tenda AX1803 v1.0.0.1 contains a buffer overflow vulnerability: the setIptvInfo method does not correctly verify the length of the data supplied in the iptv.stb.mode parameter. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 0.6

sources: CNVD: CNVD-2024-20306

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-20306

AFFECTED PRODUCTS

vendor: tenda, model: ax1803, scope: eq, version: 1.0.0.1

Trust: 1.0

vendor: tenda, model: ax1803, scope: eq, version: v1.0.0.1

Trust: 0.6

sources: CNVD: CNVD-2024-20306 // NVD: CVE-2023-51962

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-51962
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2024-20306
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-20306
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-51962
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-20306 // NVD: CVE-2023-51962

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

sources: NVD: CVE-2023-51962

PATCH

title: Patch for Tenda AX1803 setIptvInfo method iptv.stb.mode parameter buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/541156

Trust: 0.6

sources: CNVD: CNVD-2024-20306

EXTERNAL IDS

db: NVD, id: CVE-2023-51962

Trust: 1.6

db: CNVD, id: CNVD-2024-20306

Trust: 0.6

sources: CNVD: CNVD-2024-20306 // NVD: CVE-2023-51962

REFERENCES

url: https://grove-laser-8ad.notion.site/tenda-ax1803-buffer-overflow-in-setiptvinfo-944beaf189db4bf49f99a7a7418c7bdd

Trust: 1.6

sources: CNVD: CNVD-2024-20306 // NVD: CVE-2023-51962

SOURCES

db: CNVD, id: CNVD-2024-20306
db: NVD, id: CVE-2023-51962

LAST UPDATE DATE

2024-08-14T14:59:52.525000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-20306, date: 2024-04-25T00:00:00
db: NVD, id: CVE-2023-51962, date: 2024-01-13T01:36:45.693

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-20306, date: 2024-04-12T00:00:00
db: NVD, id: CVE-2023-51962, date: 2024-01-10T16:15:49.763