CVE-2023-33669

CRITICAL

Tenda AC8V4.0-V16.03.34.06 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-33669. PoCs published by retr0reg, dhammerg.

AI-analyzed exploit summary This repository contains a working PoC for multiple stack-based buffer overflow vulnerabilities in Tenda AC8V4.0si_V16.03.34.06, leading to remote code execution via ROP chain exploitation. The exploit leverages TFTP to host a pre-compiled loader for a reverse shell.

Description

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function.

Exploits (2)

nomisec WORKING POC 6 stars

by retr0reg · poc

https://github.com/retr0reg/tenda-ac8v4-rop

View Code ZIP pw:eip

This repository contains a working PoC for multiple stack-based buffer overflow vulnerabilities in Tenda AC8V4.0si_V16.03.34.06, leading to remote code execution via ROP chain exploitation. The exploit leverages TFTP to host a pre-compiled loader for a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Tenda AC8V4.0si_V16.03.34.06

No auth needed

Prerequisites: Network access to the target device · TFTP server hosting the pre-compiled loader · Python environment to run the exploit script

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by dhammerg · poc

https://github.com/dhammerg/CVE-2023-33669

View Code ZIP pw:eip

This exploit targets a stack overflow vulnerability in the Tenda AC8 router (firmware US_AC8V4.0si_V16.03.34.06) to achieve remote code execution via a crafted ROP chain. The payload downloads and executes a netcat binary via TFTP to establish a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Tenda AC8 router (firmware US_AC8V4.0si_V16.03.34.06)

No auth needed

Prerequisites: Network access to the target router · TFTP server hosting the netcat binary · Python environment with 'requests' and 'pwntools' libraries

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N1/README.md

Various Sources

https://github.com/DDizzzy79/Tenda-CVE/tree/main/AC8V4.0/N1

Scores

CVSS v3 9.8

EPSS 0.0209

EPSS Percentile 79.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-787

Status published

Products (1)

tenda/ac8_firmware 16.03.34.06

Published Jun 02, 2023

Tracked Since Feb 18, 2026