Skip to main content

CVE-2023-45481: n/a in n/a

Critical
VulnerabilityCVE-2023-45481cvecve-2023-45481
Published: Wed Nov 29 2023 (11/29/2023, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg.

AI-Powered Analysis

AILast updated: 07/07/2025, 10:29:11 UTC

Technical Analysis

CVE-2023-45481 is a critical stack overflow vulnerability identified in the Tenda AC10 router, specifically in the firmware version US_AC10V4.0si_V16.03.10.13_cn. The vulnerability arises from improper handling of the firewallEn parameter within the SetFirewallCfg function. A stack overflow occurs when more data is written to a buffer located on the stack than it can hold, potentially allowing an attacker to overwrite adjacent memory. This can lead to arbitrary code execution, denial of service, or system compromise. The vulnerability has a CVSS v3.1 base score of 9.8, indicating a critical severity level. It requires no authentication (PR:N) and no user interaction (UI:N), and can be exploited remotely over the network (AV:N). The impact affects confidentiality, integrity, and availability (C:H/I:H/A:H). The scope is unchanged (S:U), meaning the vulnerability affects the vulnerable component only. Although no known exploits are currently reported in the wild, the ease of exploitation combined with the critical severity makes this a significant threat. The vulnerability is categorized under CWE-121, which relates to stack-based buffer overflows. No official patches or vendor advisories are currently linked, indicating that affected users should be vigilant and apply updates once available or implement mitigations to reduce exposure.

Potential Impact

For European organizations, this vulnerability poses a severe risk, especially for those using Tenda AC10 routers in their network infrastructure. Successful exploitation could allow attackers to gain unauthorized control over the device, leading to interception or manipulation of network traffic, disruption of internet connectivity, or pivoting to internal networks. This could result in data breaches, operational downtime, and compromise of sensitive information. Given the criticality and remote exploitability without authentication, attackers could target vulnerable routers en masse, potentially impacting small and medium enterprises, home offices, and branch networks that rely on these devices. The lack of patches increases the window of exposure. Additionally, compromised routers could be leveraged as part of botnets or for launching further attacks against European entities, amplifying the threat landscape.

Mitigation Recommendations

European organizations should immediately inventory their network devices to identify any Tenda AC10 routers running the vulnerable firmware version US_AC10V4.0si_V16.03.10.13_cn. Until an official patch is released, organizations should restrict remote access to router management interfaces by implementing network segmentation and firewall rules that limit access to trusted IP addresses only. Disabling remote management features and UPnP on these devices can reduce exposure. Monitoring network traffic for unusual patterns or signs of exploitation attempts is advised. Organizations should also subscribe to vendor advisories and CVE databases for updates on patches or workarounds. Where possible, replacing vulnerable devices with alternative models that receive timely security updates is recommended. Employing network intrusion detection systems (NIDS) with signatures for stack overflow attempts targeting Tenda routers can provide early warning. Finally, educating users about the risks and encouraging prompt firmware updates when available will help mitigate the threat.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2023-10-09T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6841a29c182aa0cae2e196cb

Added to database: 6/5/2025, 1:58:52 PM

Last enriched: 7/7/2025, 10:29:11 AM

Last updated: 8/8/2025, 2:43:16 PM

Views: 13

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats