CVE-2023-38929 - Vulnerability Details

Vendors	Products
Tenda	4g300 4g300 Firmware

Link	Providers
https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-38929", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-11T13:20:13.342Z", "dateReserved": "2023-07-25T00:00:00", "datePublished": "2023-08-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-07T00:00:00"}, "descriptions": [{"lang": "en", "value": "Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:54:39.253Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "tenda", "product": "4g300", "cpes": ["cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "v1.01.42", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T13:19:19.073905Z", "id": "CVE-2023-38929", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T13:20:13.342Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2023-38929 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-10-11T13:20:13.342Z (string)

dateReserved : 2023-07-25T00:00:00 (string)

datePublished : 2023-08-07T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-08-07T00:00:00 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T17:54:39.253Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

affected : [ »

0 : { »

vendor : tenda (string)

product : 4g300 (string)

cpes : [ »

0 : cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : v1.01.42 (string)

status : affected (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-10-11T13:19:19.073905Z (string)

id : CVE-2023-38929 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-11T13:20:13.342Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-38929", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-11T13:20:13.342Z", "dateReserved": "2023-07-25T00:00:00", "datePublished": "2023-08-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-07T00:00:00"}, "descriptions": [{"lang": "en", "value": "Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:54:39.253Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38929", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-11T13:19:19.073905Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*"], "vendor": "tenda", "product": "4g300", "versions": [{"status": "affected", "version": "v1.01.42"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T13:20:08.127Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2023-38929 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-10-11T13:20:13.342Z (string)

dateReserved : 2023-07-25T00:00:00 (string)

datePublished : 2023-08-07T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-08-07T00:00:00 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T17:54:39.253Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-38929 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-10-11T13:19:19.073905Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:* (string)

]

vendor : tenda (string)

product : 4g300 (string)

versions : [ »

0 : { »

status : affected (string)

version : v1.01.42 (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-11T13:20:08.127Z (string)

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:4g300_firmware:1.01.42:*:*:*:*:*:*:*", "matchCriteriaId": "7A11C718-6F74-46FD-8C72-6E9FF1FA9FE4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8A63A3E-E6B1-42C8-ABA8-5E19777392B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer."}], "id": "CVE-2023-38929", "lastModified": "2024-11-21T08:14:27.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-07T19:15:10.843", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:tenda:4g300_firmware:1.01.42:*:*:*:*:*:*:* (string)

matchCriteriaId : 7A11C718-6F74-46FD-8C72-6E9FF1FA9FE4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B8A63A3E-E6B1-42C8-ABA8-5E19777392B5 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer. (string)

}

]

id : CVE-2023-38929 (string)

lastModified : 2024-11-21T08:14:27.650 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-08-07T19:15:10.843 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/VirtualSer/README.md (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object