CVE-2023-40942 - Vulnerability Details

Vendors	Products
Tenda	Ac9v3.0br
Tendacn	Ac9 Ac9 Firmware

Link	Providers
https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md

Type	Values Removed	Values Added
First Time appeared		Tenda Tenda ac9v3.0br
CPEs		cpe:2.3:o:tenda:ac9v3.0br::::::::
Vendors & Products		Tenda Tenda ac9v3.0br
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-40942", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-26T17:38:40.912Z", "dateReserved": "2023-08-22T00:00:00", "datePublished": "2023-09-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-07T14:33:43.109474"}, "descriptions": [{"lang": "en", "value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.408Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "tenda", "product": "ac9v3.0br", "cpes": ["cpe:2.3:o:tenda:ac9v3.0br:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "V15.03.06.42_multi_TD01", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T17:34:57.218929Z", "id": "CVE-2023-40942", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T17:38:40.912Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2023-40942 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-09-26T17:38:40.912Z (string)

dateReserved : 2023-08-22T00:00:00 (string)

datePublished : 2023-09-07T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-09-07T14:33:43.109474 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T18:46:11.408Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

affected : [ »

0 : { »

vendor : tenda (string)

product : ac9v3.0br (string)

cpes : [ »

0 : cpe:2.3:o:tenda:ac9v3.0br:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : V15.03.06.42_multi_TD01 (string)

status : affected (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-09-26T17:34:57.218929Z (string)

id : CVE-2023-40942 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-26T17:38:40.912Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.408Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40942", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-26T17:34:57.218929Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:ac9v3.0br:*:*:*:*:*:*:*:*"], "vendor": "tenda", "product": "ac9v3.0br", "versions": [{"status": "affected", "version": "V15.03.06.42_multi_TD01"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T17:38:24.383Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"}], "descriptions": [{"lang": "en", "value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-07T14:33:43.109474"}}}, "cveMetadata": {"cveId": "CVE-2023-40942", "state": "PUBLISHED", "dateUpdated": "2024-09-26T17:38:40.912Z", "dateReserved": "2023-08-22T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-09-07T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T18:46:11.408Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-40942 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-26T17:34:57.218929Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:o:tenda:ac9v3.0br:*:*:*:*:*:*:*:* (string)

]

vendor : tenda (string)

product : ac9v3.0br (string)

versions : [ »

0 : { »

status : affected (string)

version : V15.03.06.42_multi_TD01 (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-26T17:38:24.383Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

references : [ »

0 : { »

url : https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : n/a (string)

}

]

}

]

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-09-07T14:33:43.109474 (string)

}

cveMetadata : { »

cveId : CVE-2023-40942 (string)

state : PUBLISHED (string)

dateUpdated : 2024-09-26T17:38:40.912Z (string)

dateReserved : 2023-08-22T00:00:00 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

datePublished : 2023-09-07T00:00:00 (string)

assignerShortName : mitre (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.06.42_multi_td0:*:*:*:*:*:*:*", "matchCriteriaId": "07B8F0DC-1319-4DA8-BAA9-2C6467607E4F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg."}, {"lang": "es", "value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 se descubri\u00f3 un desbordamiento de pila a trav\u00e9s del par\u00e1metro 'firewall_value' en url /goform/SetFirewallCfg."}], "id": "CVE-2023-40942", "lastModified": "2024-11-21T08:20:19.703", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-07T15:15:07.767", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:tendacn:ac9_firmware:15.03.06.42_multi_td0:*:*:*:*:*:*:* (string)

matchCriteriaId : 07B8F0DC-1319-4DA8-BAA9-2C6467607E4F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : CA49FEFD-41B5-4038-883D-989AB85D6CF5 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg. (string)

}

1 : { »

lang : es (string)

value : Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 se descubrió un desbordamiento de pila a través del parámetro 'firewall_value' en url /goform/SetFirewallCfg. (string)

}

]

id : CVE-2023-40942 (string)

lastModified : 2024-11-21T08:20:19.703 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-09-07T15:15:07.767 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object