
CVE-2023-38823: n/a in n/a

Severity: Critical
Published: Mon Nov 20 2023 (11/20/2023, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.

AI-Powered Analysis

Last updated: 07/11/2025, 02:48:32 UTC

Technical Analysis

CVE-2023-38823 is a critical buffer overflow vulnerability affecting multiple versions of Tenda routers, specifically the Ac19 v1.0, AC18, AC9 v1.0, and AC6 v1.0 and v2.0 models. The vulnerability resides in the formSetCfm function within the router's embedded HTTP daemon (bin/httpd). A buffer overflow occurs when the function improperly handles input data, allowing a remote attacker to overwrite memory beyond the intended buffer boundaries. This flaw enables the attacker to execute arbitrary code on the device without requiring any authentication or user interaction. The vulnerability has a CVSS v3.1 base score of 9.8, indicating a critical severity level with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact includes full compromise of the router’s confidentiality, integrity, and availability. Although no public exploits have been reported yet, the ease of exploitation and critical impact make this vulnerability a significant threat. The CWE classification is CWE-120, which corresponds to classic buffer overflow issues that can lead to remote code execution. The lack of vendor or product-specific details beyond the router models suggests this is a firmware-level flaw in Tenda’s HTTP server implementation. Given the widespread use of Tenda routers in consumer and small business environments, this vulnerability could be leveraged to gain persistent control over network gateways, intercept or manipulate traffic, or pivot into internal networks.

Potential Impact

For European organizations, this vulnerability poses a substantial risk, particularly for small and medium enterprises (SMEs) and home office setups that commonly deploy Tenda routers due to their affordability and ease of use. Successful exploitation could lead to full compromise of the network gateway, enabling attackers to intercept sensitive communications, deploy malware, or establish persistent footholds within corporate networks. This could result in data breaches, disruption of business operations, and potential lateral movement to more critical infrastructure. The critical severity and lack of required authentication mean attackers can remotely exploit vulnerable devices over the internet or local networks. Additionally, compromised routers could be used as part of botnets or for launching further attacks, amplifying the threat landscape for European organizations. The absence of patches or official mitigations at the time of publication increases the urgency for organizations to implement interim protective measures.

Mitigation Recommendations

1. Immediate network segmentation: Isolate Tenda routers from critical internal networks to limit potential lateral movement if compromised.
2. Disable remote management interfaces on Tenda routers to reduce exposure to external attackers.
3. Monitor network traffic for unusual patterns or connections originating from or targeting Tenda devices.
4. Implement strict firewall rules to restrict inbound and outbound traffic to and from the router's management interfaces.
5. Regularly check for firmware updates from Tenda and apply patches as soon as they become available.
6. Consider replacing vulnerable Tenda models with routers from vendors with a stronger security track record and active vulnerability management.
7. Employ network intrusion detection/prevention systems (IDS/IPS) that can detect exploitation attempts targeting HTTP daemon vulnerabilities.
8. Educate users and administrators about the risks associated with default or outdated router firmware and the importance of timely updates and configuration hardening.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2023-07-25T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68487f571b0bd07c3938a604

Added to database: 6/10/2025, 6:54:15 PM

Last enriched: 7/11/2025, 2:48:32 AM

Last updated: 8/1/2025, 6:27:26 AM
