ID
VAR-202306-0114
CVE
CVE-2023-33670
TITLE
Shenzhen Tenda Technology Co.,Ltd. of AC8 Out-of-bounds write vulnerability in firmware
Trust: 0.8
DESCRIPTION
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. Shenzhen Tenda Technology Co.,Ltd. of AC8 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC8 is a dual-band gigabit wireless router designed for homes with fiber optic connections up to 1000 Mbps. It supports dual-band concurrent transmission rates of up to 1167 Mbps and is equipped with full gigabit ports (one WAN port and three LAN ports), meeting broadband access needs between 100 and 1000 Mbps. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tenda | model: | ac8 | scope: | eq | version: | 16.03.34.06 | Trust: 1.0 |
| vendor: | tenda | model: | ac8 | scope: | eq | version: | ac8 firmware 16.03.34.06 | Trust: 0.8 |
| vendor: | tenda | model: | ac8 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | ac8 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | ac8v4 | scope: | eq | version: | 16.03.34.06 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer error
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-33670 | Trust: 3.9 |
| db: | JVNDB | id: | JVNDB-2023-007625 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-20718 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202306-141 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2023-33670 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/ddizzzy79/tenda-cve/blob/main/ac8v4.0/n3/readme.md | Trust: 3.1 |
| url: | https://github.com/ddizzzy79/tenda-cve/tree/main/ac8v4.0/n3 | Trust: 2.4 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-33670 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2023-33670/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2025-20718 |
| db: | VULMON | id: | CVE-2023-33670 |
| db: | CNNVD | id: | CNNVD-202306-141 |
| db: | JVNDB | id: | JVNDB-2023-007625 |
| db: | NVD | id: | CVE-2023-33670 |
LAST UPDATE DATE
2025-09-08T23:15:58.567000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-20718 | date: | 2025-09-05T00:00:00 |
| db: | VULMON | id: | CVE-2023-33670 | date: | 2023-06-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-202306-141 | date: | 2023-06-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-007625 | date: | 2023-11-24T08:09:00 |
| db: | NVD | id: | CVE-2023-33670 | date: | 2025-01-08T21:15:09.780 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-20718 | date: | 2025-09-05T00:00:00 |
| db: | VULMON | id: | CVE-2023-33670 | date: | 2023-06-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-202306-141 | date: | 2023-06-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-007625 | date: | 2023-11-24T00:00:00 |
| db: | NVD | id: | CVE-2023-33670 | date: | 2023-06-02T20:15:09.563 |