CVE-2023-27079
Published: 23 March 2023
Summary
CVE-2023-27079 is a high-severity Command Injection (CWE-77) vulnerability in Tenda G103 Firmware. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 9.3% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-27079 is a command injection vulnerability, tracked as CWE-77, that affects the Tenda G103 router running firmware version 1.0.05. The issue permits an attacker to obtain sensitive information by submitting a crafted package to the device. It carries a CVSS 3.1 base score of 7.5, reflecting a network-accessible attack with no required credentials or user interaction.
An unauthenticated remote attacker can exploit the flaw over the network to read sensitive data from the router. The provided references consist of a GitHub repository entry that documents the vulnerability through a proof-of-concept package; they contain no official vendor advisory or patch information.
EPSS scores for the CVE remain low, with a current value of 0.0575 and a peak of 0.0578, indicating limited observed exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-30867
Vulnerability details
Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.