← back
CVE-2023-4744

Tenda AC8 formSetDeviceName stack-based overflow

CVSS 9.8 CRITICALEPSS 1.7%CWE-121
A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238633 was assigned to this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Tenda · AC8
public PoCs found1
cve_referencegithub.com/GleamingEyes/vul/blob/main/tenda_ac8/ac8_1.mdunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/GleamingEyes/vul/blob/main/tenda_ac8/ac8_1.mdhttps://vuldb.com/?ctiid.238633https://vuldb.com/?id.238633