CVE-2023-40839: OS Command Injection
First published: Wed Aug 30 2023(Updated: )
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenda Ac6 Firmware | =15.03.05.16 | |
| Tenda AC6 | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this Tenda AC6 firmware vulnerability?
The vulnerability ID is CVE-2023-40839.
What is the severity level of CVE-2023-40839?
The severity level of CVE-2023-40839 is critical.
What is the affected software version?
The affected software version is Tenda AC6 firmware version 15.03.05.16.
Is Tenda AC6 version 1.0 vulnerable?
No, Tenda AC6 version 1.0 is not vulnerable to CVE-2023-40839.
How can I mitigate the CVE-2023-40839 vulnerability?
To mitigate the CVE-2023-40839 vulnerability, update to the latest version of the Tenda AC6 firmware.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tenda
- canonical/tenda ac6 firmware
- version/tenda ac6 firmware/15.03.05.16
- canonical/tenda ac6
- version/tenda ac6/1.0