Sign-up

ID

VAR-202306-0116


CVE

CVE-2023-33675


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC8  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-007621

DESCRIPTION

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function. Shenzhen Tenda Technology Co.,Ltd. of AC8 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC8 is a dual-band gigabit wireless router designed for homes with fiber optic connections up to 1000 Mbps. It supports dual-band concurrent transmission rates of up to 1167 Mbps and is equipped with full gigabit ports (one WAN port and three LAN ports), meeting broadband access needs between 100 and 1000 Mbps. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.25

sources: NVD: CVE-2023-33675 // JVNDB: JVNDB-2023-007621 // CNVD: CNVD-2025-20717 // VULMON: CVE-2023-33675

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20717

AFFECTED PRODUCTS

vendor:tendamodel:ac8scope:eqversion:16.03.34.06

Trust: 1.0

vendor:tendamodel:ac8scope:eqversion:ac8 firmware 16.03.34.06

Trust: 0.8

vendor:tendamodel:ac8scope: - version: -

Trust: 0.8

vendor:tendamodel:ac8scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac8v4scope:eqversion:16.03.34.06

Trust: 0.6

sources: CNVD: CNVD-2025-20717 // JVNDB: JVNDB-2023-007621 // NVD: CVE-2023-33675

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-33675
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-33675
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-33675
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-20717
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202306-138
value: CRITICAL

Trust: 0.6

CNVD: CNVD-2025-20717
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-33675
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-33675
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20717 // CNNVD: CNNVD-202306-138 // JVNDB: JVNDB-2023-007621 // NVD: CVE-2023-33675 // NVD: CVE-2023-33675

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-007621 // NVD: CVE-2023-33675

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-138

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202306-138

EXTERNAL IDS

db:NVDid:CVE-2023-33675

Trust: 3.9

db:JVNDBid:JVNDB-2023-007621

Trust: 0.8

db:CNVDid:CNVD-2025-20717

Trust: 0.6

db:CNNVDid:CNNVD-202306-138

Trust: 0.6

db:VULMONid:CVE-2023-33675

Trust: 0.1

sources: CNVD: CNVD-2025-20717 // VULMON: CVE-2023-33675 // CNNVD: CNNVD-202306-138 // JVNDB: JVNDB-2023-007621 // NVD: CVE-2023-33675

REFERENCES

url:https://github.com/ddizzzy79/tenda-cve/blob/main/ac8v4.0/n5/readme.md

Trust: 3.1

url:https://github.com/ddizzzy79/tenda-cve/tree/main/ac8v4.0/n5

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2023-33675

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-33675/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2025-20717 // VULMON: CVE-2023-33675 // CNNVD: CNNVD-202306-138 // JVNDB: JVNDB-2023-007621 // NVD: CVE-2023-33675

SOURCES

db:CNVDid:CNVD-2025-20717
db:VULMONid:CVE-2023-33675
db:CNNVDid:CNNVD-202306-138
db:JVNDBid:JVNDB-2023-007621
db:NVDid:CVE-2023-33675

LAST UPDATE DATE

2025-09-08T23:15:58.538000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-20717date:2025-09-05T00:00:00
db:VULMONid:CVE-2023-33675date:2023-06-02T00:00:00
db:CNNVDid:CNNVD-202306-138date:2023-06-13T00:00:00
db:JVNDBid:JVNDB-2023-007621date:2023-11-24T08:09:00
db:NVDid:CVE-2023-33675date:2025-01-08T21:15:10.757

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-20717date:2025-09-05T00:00:00
db:VULMONid:CVE-2023-33675date:2023-06-02T00:00:00
db:CNNVDid:CNNVD-202306-138date:2023-06-02T00:00:00
db:JVNDBid:JVNDB-2023-007621date:2023-11-24T00:00:00
db:NVDid:CVE-2023-33675date:2023-06-02T20:15:09.733