CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-49403

CVSS 9.8v3.1pub. 2023-12-07upd. 2024-11-21

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.

🤖 AI Analysis
How it works

The setFixTools function does not perform sufficient validation of user-supplied input data, leading to an out-of-bounds write error (CWE-787). An attacker can craft an appropriate network request containing a malicious payload that will be executed as a system command on the device. The attack is possible remotely, without authentication and without user interaction.

Impact

An attacker can gain full control over the device, including the ability to read and modify configuration, intercept network traffic, and use the router as an entry point to the local network.

Mitigation & patch

Apply patches available from the manufacturer according to the references provided. Until an update is applied, it is recommended to restrict access to the device's administrative panel only to trusted IP addresses and isolate the device from untrusted network segments.

Who is affected

Tenda W30E with firmware version V16.01.0.12(4843)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda W30e

    HW
    Tenda
    wszystkie wersje
  • Tenda W30e Firmware

    OS
    Tenda
    16.01.0.12\(4843\)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-38835CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda W30E via parametr usbPartitionName

CVE-2026-24436CRITICAL9.2PL ✓ten sam produkt

Brak ograniczenia prób logowania w Tenda W30E — atak brute-force

CVE-2026-24429CRITICAL9.3PL ✓ten sam produkt

Tenda W30E V2 — predefiniowane domyślne hasło w firmware umożliwia nieautoryzowany dostęp

CVE-2025-57085CRITICAL9.8PL ✓ten sam produkt

Tenda W30E — stack overflow w funkcji UploadCfg (parametr v17)

CVE-2024-32286CRITICAL9.8PL ✓ten sam produkt

Stack overflow w Tenda W30E przez parametr 'page' w funkcji fromVirtualSer