ID
VAR-202308-3331
CVE
CVE-2023-40799
TITLE
Shenzhen Tenda Technology Co.,Ltd. of ac23 Out-of-bounds write vulnerability in firmware
Trust: 0.8
DESCRIPTION
Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function. Shenzhen Tenda Technology Co.,Ltd. of ac23 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC23 is a dual-band wireless router for home use launched by Tenda, designed for large homes with high-speed transmission. It supports 802.11ac Wave2 technology and boasts a maximum concurrent dual-band speed of 2033Mbps. This vulnerability stems from the sub_450A4C function failing to properly validate the length of input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tenda | model: | ac23 | scope: | eq | version: | 16.03.07.45_cn | Trust: 1.0 |
| vendor: | tenda | model: | ac23 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | ac23 | scope: | eq | version: | ac23 firmware 16.03.07.45 cn | Trust: 0.8 |
| vendor: | tenda | model: | ac23 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | ac23 16.03.07.45 cn | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD evaluation ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-40799 | Trust: 3.3 |
| db: | JVNDB | id: | JVNDB-2023-022685 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-27895 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2023-40799 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/lst-oss/vulnerability/blob/main/tenda/ac23/sub_450a4c | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-40799 | Trust: 0.8 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2025-27895 |
| db: | VULMON | id: | CVE-2023-40799 |
| db: | JVNDB | id: | JVNDB-2023-022685 |
| db: | NVD | id: | CVE-2023-40799 |
LAST UPDATE DATE
2025-11-19T23:25:04.637000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-27895 | date: | 2025-11-14T00:00:00 |
| db: | VULMON | id: | CVE-2023-40799 | date: | 2023-08-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-022685 | date: | 2024-01-24T01:32:00 |
| db: | NVD | id: | CVE-2023-40799 | date: | 2023-08-29T16:05:17.997 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-27895 | date: | 2025-11-14T00:00:00 |
| db: | VULMON | id: | CVE-2023-40799 | date: | 2023-08-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-022685 | date: | 2024-01-24T00:00:00 |
| db: | NVD | id: | CVE-2023-40799 | date: | 2023-08-25T15:15:09.307 |