CVE-2023-40798: Input Validation
First published: Fri Aug 25 2023(Updated: )
In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenda Ac23 Firmware | =16.03.07.45_cn | |
| Tenda AC23 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Tenda AC23 vulnerability?
The vulnerability ID for this Tenda AC23 vulnerability is CVE-2023-40798.
What is the severity of the vulnerability CVE-2023-40798?
The severity of the vulnerability CVE-2023-40798 is high (8.8).
What is the affected software for vulnerability CVE-2023-40798?
The affected software for vulnerability CVE-2023-40798 is Tenda Ac23 Firmware version 16.03.07.45_cn.
How does the vulnerability CVE-2023-40798 occur?
The vulnerability CVE-2023-40798 occurs due to the lack of authentication of user input parameters in the formSetIPv6status and formGetWanParameter functions in Tenda AC23 v16.03.07.45_cn.
Is Tenda AC23 vulnerable to CVE-2023-40798?
Yes, Tenda AC23 with firmware version 16.03.07.45_cn is vulnerable to CVE-2023-40798.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tenda
- canonical/tenda ac23 firmware
- version/tenda ac23 firmware/16.03.07.45_cn
- canonical/tenda ac23