Heap Overflow Vulnerability in Tenda AX1806 V1.0.0.1's setSchedWifi Function

CVE-2023-47455 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.

Learn more about our Web Application Penetration Testing UK.