CVE-2023-23080: Command Injection
First published: Mon Feb 27 2023(Updated: )
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenda It7-lcs Firmware | <=2209020914 | |
| Tenda IT7-LCS | ||
| Tenda It7-pcs Firmware | <=2209020914 | |
| Tenda IT7-PCS | ||
| Tenda It7-prs Firmware | <=2209020908 | |
| Tenda IT7-PRS | ||
| Tenda Cp3 Firmware | <=20220906024_2025 | |
| Tenda CP3 | ||
| Tenda Cp7 Firmware | <=1.10.00.2211041403 | |
| Tenda CP7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
Which Tenda products are affected by the command injection vulnerability (CVE-2023-23080)?
Tenda CP7 (up to V11.10.00.2211041403), Tenda CP3 v.10 (up to V20220906024_2025), Tenda IT7-PCS (up to V2209020914), Tenda IT7-LCS (up to V2209020914), and Tenda IT7-PRS (up to V2209020908) are affected.
What is the severity level of CVE-2023-23080?
The severity level of CVE-2023-23080 is critical with a score of 9.8.
How can I fix the command injection vulnerability in Tenda products affected by CVE-2023-23080?
Updating the firmware of Tenda CP7, Tenda CP3 v.10, Tenda IT7-PCS, Tenda IT7-LCS, and Tenda IT7-PRS to versions higher than the vulnerable versions will fix the command injection vulnerability.
Where can I find more information about the command injection vulnerability in Tenda products (CVE-2023-23080)?
You can find more information about the command injection vulnerability in Tenda products (CVE-2023-23080) at the following link: [https://github.com/fxc233/iot-vul/tree/main/Tenda/IPC](https://github.com/fxc233/iot-vul/tree/main/Tenda/IPC).
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2023-23080?
The Common Weakness Enumeration (CWE) ID associated with CVE-2023-23080 is CWE-77.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tenda
- canonical/tenda it7-lcs firmware
- version/tenda it7-lcs firmware/2209020914
- canonical/tenda it7-lcs
- canonical/tenda it7-pcs firmware
- version/tenda it7-pcs firmware/2209020914
- canonical/tenda it7-pcs
- canonical/tenda it7-prs firmware
- version/tenda it7-prs firmware/2209020908
- canonical/tenda it7-prs
- canonical/tenda cp3 firmware
- version/tenda cp3 firmware/20220906024_2025
- canonical/tenda cp3
- canonical/tenda cp7 firmware
- version/tenda cp7 firmware/1.10.00.2211041403
- canonical/tenda cp7