CVE-2022-43104: n/a in n/a
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.
AI Analysis
Technical Summary
CVE-2022-43104 is a critical stack overflow vulnerability identified in the Tenda AC23 router firmware version V16.03.07.45_cn. The vulnerability arises from improper handling of the wpapsk_crypto parameter within the fromSetWirelessRepeat function. Specifically, the function fails to properly validate or limit the input size for this parameter, leading to a stack-based buffer overflow condition (CWE-787). This type of vulnerability can allow an unauthenticated remote attacker to execute arbitrary code on the affected device without requiring user interaction. The CVSS 3.1 base score of 9.8 reflects the high severity, with attack vector being network-based (AV:N), no privileges required (PR:N), no user interaction (UI:N), and full impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Exploitation of this vulnerability could lead to complete compromise of the router, enabling attackers to manipulate network traffic, intercept sensitive data, or pivot into internal networks. Although no public exploits have been reported in the wild to date, the critical nature and ease of exploitation make this a significant threat to any environment using the affected Tenda AC23 firmware version. The lack of an official patch or vendor-provided mitigation increases the urgency for affected users to take protective measures.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial, especially for those relying on Tenda AC23 routers in their network infrastructure. Compromise of these routers could lead to unauthorized access to internal networks, interception of confidential communications, and disruption of network availability. This is particularly concerning for small and medium enterprises (SMEs) and home office environments that may use consumer-grade routers without advanced security controls. Additionally, critical sectors such as finance, healthcare, and government agencies could face data breaches or operational disruptions if these devices are exploited. The vulnerability's network-based attack vector and lack of authentication requirement mean that attackers can remotely target vulnerable devices from anywhere, increasing the risk of widespread exploitation. Given the router’s role as a gateway device, successful exploitation could facilitate lateral movement within corporate networks, undermining overall cybersecurity posture.
Mitigation Recommendations
Since no official patch or firmware update is currently available, European organizations should implement immediate compensating controls. These include: 1) Isolating affected Tenda AC23 routers from direct internet exposure by placing them behind additional firewalls or VPNs; 2) Disabling remote management interfaces to prevent external access to router configuration; 3) Monitoring network traffic for unusual activity indicative of exploitation attempts; 4) Replacing vulnerable routers with devices from vendors that provide timely security updates and have a strong security track record; 5) Applying network segmentation to limit the impact of a compromised router; 6) Regularly auditing network devices to identify and inventory vulnerable hardware; and 7) Educating IT staff and users about the risks associated with consumer-grade routers and the importance of firmware updates. Organizations should also subscribe to vendor and security advisories to promptly apply patches once they become available.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium
CVE-2022-43104: n/a in n/a
Description
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.
AI-Powered Analysis
Technical Analysis
CVE-2022-43104 is a critical stack overflow vulnerability identified in the Tenda AC23 router firmware version V16.03.07.45_cn. The vulnerability arises from improper handling of the wpapsk_crypto parameter within the fromSetWirelessRepeat function. Specifically, the function fails to properly validate or limit the input size for this parameter, leading to a stack-based buffer overflow condition (CWE-787). This type of vulnerability can allow an unauthenticated remote attacker to execute arbitrary code on the affected device without requiring user interaction. The CVSS 3.1 base score of 9.8 reflects the high severity, with attack vector being network-based (AV:N), no privileges required (PR:N), no user interaction (UI:N), and full impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Exploitation of this vulnerability could lead to complete compromise of the router, enabling attackers to manipulate network traffic, intercept sensitive data, or pivot into internal networks. Although no public exploits have been reported in the wild to date, the critical nature and ease of exploitation make this a significant threat to any environment using the affected Tenda AC23 firmware version. The lack of an official patch or vendor-provided mitigation increases the urgency for affected users to take protective measures.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial, especially for those relying on Tenda AC23 routers in their network infrastructure. Compromise of these routers could lead to unauthorized access to internal networks, interception of confidential communications, and disruption of network availability. This is particularly concerning for small and medium enterprises (SMEs) and home office environments that may use consumer-grade routers without advanced security controls. Additionally, critical sectors such as finance, healthcare, and government agencies could face data breaches or operational disruptions if these devices are exploited. The vulnerability's network-based attack vector and lack of authentication requirement mean that attackers can remotely target vulnerable devices from anywhere, increasing the risk of widespread exploitation. Given the router’s role as a gateway device, successful exploitation could facilitate lateral movement within corporate networks, undermining overall cybersecurity posture.
Mitigation Recommendations
Since no official patch or firmware update is currently available, European organizations should implement immediate compensating controls. These include: 1) Isolating affected Tenda AC23 routers from direct internet exposure by placing them behind additional firewalls or VPNs; 2) Disabling remote management interfaces to prevent external access to router configuration; 3) Monitoring network traffic for unusual activity indicative of exploitation attempts; 4) Replacing vulnerable routers with devices from vendors that provide timely security updates and have a strong security track record; 5) Applying network segmentation to limit the impact of a compromised router; 6) Regularly auditing network devices to identify and inventory vulnerable hardware; and 7) Educating IT staff and users about the risks associated with consumer-grade routers and the importance of firmware updates. Organizations should also subscribe to vendor and security advisories to promptly apply patches once they become available.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-10-17T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d981fc4522896dcbdcc23
Added to database: 5/21/2025, 9:08:47 AM
Last enriched: 7/3/2025, 2:10:23 PM
Last updated: 8/9/2025, 5:59:39 PM
Views: 10
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.