Skip to main content

CVE-2023-51971: n/a in n/a

Critical
VulnerabilityCVE-2023-51971cvecve-2023-51971
Published: Wed Jan 10 2024 (01/10/2024, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo.

AI-Powered Analysis

AILast updated: 07/04/2025, 08:13:20 UTC

Technical Analysis

CVE-2023-51971 is a critical stack overflow vulnerability identified in the Tenda AX1803 router firmware version 1.0.0.1. The vulnerability arises from improper handling of the adv.iptv.stbpvid parameter within the getIptvInfo function. A stack overflow occurs when the input data exceeds the allocated buffer size on the stack, potentially allowing an attacker to overwrite adjacent memory, leading to arbitrary code execution or system crashes. Given the CVSS 3.1 base score of 9.8, this vulnerability is remotely exploitable (Attack Vector: Network), requires no privileges (PR:N), and no user interaction (UI:N), making it highly dangerous. The impact includes full compromise of confidentiality, integrity, and availability of the affected device. Exploitation could allow attackers to execute arbitrary code with the privileges of the router’s firmware, potentially enabling them to intercept, modify, or disrupt network traffic, launch further attacks within the network, or create persistent backdoors. Although no known exploits are currently reported in the wild, the severity and ease of exploitation make this a significant threat to users of the Tenda AX1803 router. The lack of available patches at the time of publication increases the urgency for mitigation. The vulnerability is classified under CWE-787 (Out-of-bounds Write), a common and dangerous class of memory corruption bugs.

Potential Impact

For European organizations, the exploitation of this vulnerability could have severe consequences. Many small and medium enterprises (SMEs) and even some larger organizations use consumer-grade routers like the Tenda AX1803 for branch offices or remote sites due to cost-effectiveness. A compromised router can lead to interception of sensitive communications, unauthorized network access, and lateral movement within corporate networks. This can result in data breaches, intellectual property theft, disruption of business operations, and potential regulatory non-compliance under GDPR due to inadequate protection of personal data. The critical nature of the vulnerability means that attackers can gain full control over the device without authentication, increasing the risk of widespread compromise. Additionally, compromised routers can be leveraged as part of botnets or for launching distributed denial-of-service (DDoS) attacks, which can affect service availability for European organizations and their customers.

Mitigation Recommendations

1. Immediate network segmentation: Isolate Tenda AX1803 routers from critical network segments to limit potential lateral movement if compromised. 2. Disable IPTV features or the adv.iptv.stbpvid parameter if not in use, reducing the attack surface. 3. Monitor network traffic for unusual patterns or signs of exploitation attempts targeting the IPTV functionality. 4. Implement strict firewall rules to restrict inbound access to router management interfaces and IPTV-related services. 5. Regularly check for firmware updates from Tenda and apply patches promptly once available. 6. Consider replacing vulnerable devices with routers from vendors with a strong security track record and active vulnerability management. 7. Employ network intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts targeting stack overflow vulnerabilities. 8. Educate IT staff about this vulnerability to ensure rapid response and mitigation in case of detection.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2023-12-26T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 683f0a31182aa0cae27f6ef3

Added to database: 6/3/2025, 2:44:01 PM

Last enriched: 7/4/2025, 8:13:20 AM

Last updated: 7/31/2025, 2:48:08 PM

Views: 8

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats