Skip to main content

W15e Firmware CVE-2023-27065

HIGH
Classic Buffer Overflow (CWE-120)
2023-03-13 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 13, 2023 - 14:15 nvd
HIGH 7.5

DescriptionNVD

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

AnalysisAI

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. Affected products include: Tenda W15E Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2023-27063 CRITICAL POC
9.8 Mar 13

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainNam

CVE-2023-27061 CRITICAL POC
9.8 Mar 13

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterLi

CVE-2022-42058 CRITICAL POC
9.8 Nov 15

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage

CVE-2024-4127 HIGH POC
8.8 Apr 24

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely explo

CVE-2024-4126 HIGH POC
8.8 Apr 24

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this vuln

CVE-2024-4125 HIGH POC
8.8 Apr 24

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this

CVE-2024-4124 HIGH POC
8.8 Apr 24

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), t

CVE-2024-4123 HIGH POC
8.8 Apr 24

A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.

CVE-2024-4122 HIGH POC
8.8 Apr 24

A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerab

CVE-2024-4121 HIGH POC
8.8 Apr 24

A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vul

CVE-2024-4120 HIGH POC
8.8 Apr 24

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely explo

CVE-2024-4119 HIGH POC
8.8 Apr 24

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely explo

Share

CVE-2023-27065 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy