CVE-2023-49043
Published: 27 November 2023
Summary
CVE-2023-49043 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Tenda AX1803 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 3.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Deeper analysis
A buffer overflow vulnerability exists in Tenda AX1803 firmware version 1.0.0.1 within the fromSetWirelessRepeat function, triggered by the wpapsk_crypto parameter and tracked as CWE-787. The flaw received a CVSS 3.1 base score of 9.8, reflecting network-accessible attack conditions that require no authentication or user interaction.
Unauthenticated remote attackers can send a crafted request to the affected wireless configuration endpoint, causing memory corruption that permits arbitrary code execution with full control over the device's confidentiality, integrity, and availability.
Public references consist of technical write-ups and proof-of-concept material hosted on GitHub; no vendor advisory or firmware patch information is included in the supplied references. The associated EPSS score has remained stable at 0.3261 with no material upward trajectory observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-53067
Vulnerability details
Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A buffer overflow vulnerability in the web function fromSetWirelessRepeat allows remote attackers to achieve arbitrary code execution on the Tenda AX1803 router, a public-facing network device, directly facilitating T1190: Exploit Public-Facing Application.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.