CVE-2023-48194

CRITICAL

Tenda Ac8 Firmware - Out-of-Bounds Write

Title source: rule

Description

Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained.

Exploits (1)

nomisec WORKING POC

by zt20xx · poc

https://github.com/zt20xx/CVE-2023-48194

View Code ZIP pw:eip

References (3)

[Not Applicable] http://tenda.com

[Exploit] https://github.com/zt20xx/CVE-2023-48194

[Various Sources] https://www.tenda.com.cn/download/detail-3683.html

Scores

CVSS v3 9.8

EPSS 0.0043

EPSS Percentile 62.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

tenda/ac8_firmware 16.03.34.09

Published Jul 09, 2024

Tracked Since Feb 18, 2026