CVE-2023-40847: Buffer Overflow
First published: Wed Aug 30 2023(Updated: )
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenda Ac6 Firmware | =15.03.05.16 | |
| Tenda AC6 | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this Tenda AC6 firmware vulnerability?
The vulnerability ID is CVE-2023-40847.
What is the severity level of CVE-2023-40847?
The severity level of CVE-2023-40847 is critical with a score of 9.8.
What is the affected software of this vulnerability?
The affected software is Tenda Ac6 Firmware version 15.03.05.16.
How does the vulnerability occur in Tenda AC6 firmware?
The vulnerability occurs due to a buffer overflow in the function "initIpAddrInfo" where a user-provided parameter is passed without any length check.
Is Tenda AC6 version 1.0 affected by this vulnerability?
No, Tenda AC6 version 1.0 is not affected by this vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tenda
- canonical/tenda ac6 firmware
- version/tenda ac6 firmware/15.03.05.16
- canonical/tenda ac6
- version/tenda ac6/1.0