Details of VAR-202402-3466

ID

VAR-202402-3466

CVE

CVE-2023-47422

TITLE

plural Shenzhen Tenda Technology Co.,Ltd. Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2023-028828

DESCRIPTION

An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL. TX9 firmware, AX3 firmware, ax9 firmware etc. Shenzhen Tenda Technology Co.,Ltd. The product contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-47422 // JVNDB: JVNDB-2023-028828

AFFECTED PRODUCTS

vendor:	tenda	model:	ax12	scope:	eq	version:	22.03.01.46	Trust: 1.0
vendor:	tenda	model:	tx9	scope:	eq	version:	22.03.02.54	Trust: 1.0
vendor:	tenda	model:	ax3	scope:	eq	version:	16.03.12.11	Trust: 1.0
vendor:	tenda	model:	ax9	scope:	eq	version:	22.03.01.46	Trust: 1.0
vendor:	tenda	model:	ax9	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ax12	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ax3	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	tx9	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-028828 // NVD: CVE-2023-47422

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2023-47422
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-028828
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2023-47422
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-028828
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-028828 // NVD: CVE-2023-47422

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-028828 // NVD: CVE-2023-47422

EXTERNAL IDS

db:	NVD	id:	CVE-2023-47422	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-028828	Trust: 0.8

sources: JVNDB: JVNDB-2023-028828 // NVD: CVE-2023-47422

REFERENCES

url:	https://github.com/xiaobye-ctf/my-cve/tree/main/tenda/cve-2023-47422	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-47422	Trust: 0.8

sources: JVNDB: JVNDB-2023-028828 // NVD: CVE-2023-47422

SOURCES

db:	JVNDB	id:	JVNDB-2023-028828
db:	NVD	id:	CVE-2023-47422

LAST UPDATE DATE

2025-05-02T22:44:19.397000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-028828	date:	2025-05-01T06:15:00
db:	NVD	id:	CVE-2023-47422	date:	2025-04-25T20:26:01.170

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-028828	date:	2025-05-01T00:00:00
db:	NVD	id:	CVE-2023-47422	date:	2024-02-20T22:15:08.143