CVE-2023-31587
Published: 16 May 2023
Summary
CVE-2023-31587 is a critical-severity an unspecified weakness vulnerability in Tenda Ac5 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 12.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Tenda AC5 router firmware version V15.03.06.28 contains a remote code execution vulnerability in the Mac parameter processed by the endpoint ip/goform/WriteFacMac. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible attack complexity that requires no authentication or user interaction and yields full compromise of confidentiality, integrity, and availability.
An unauthenticated attacker with network reachability to the router can supply a crafted Mac value to the affected endpoint and execute arbitrary code on the device. Successful exploitation grants the attacker complete control over the router, enabling actions such as traffic interception, persistence, or use of the device as an entry point into attached networks.
Vendor references point to firmware downloads hosted on Tenda’s site, indicating that updated builds are the intended remediation path, while public proof-of-concept material on GitHub documents the parameter handling issue.
EPSS for the CVE reached a peak of 0.0624 on 2026-05-17 before receding to the current value of 0.0311.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-35884
Vulnerability details
Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.