CVE-2023-27015 – This vulnerability in Tenda AC10 routers allows... (How to Fix)

📋 TL;DR

This vulnerability in Tenda AC10 routers allows attackers to cause denial of service or execute arbitrary code by exploiting a stack overflow in the sub_4A75C0 function. Attackers can achieve this by sending a specially crafted payload to vulnerable devices. Users of Tenda AC10 routers with the affected firmware version are at risk.

💻 Affected Systems

Products:

Tenda AC10

Versions: US_AC10V4.0si_V16.03.10.13_cn

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only this specific firmware version for the Chinese market variant appears affected based on available information.

📦 What is this software?

Ac10 Firmware by Tenda

View all CVEs affecting Ac10 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing remote code execution, enabling attackers to take full control of the router, intercept network traffic, pivot to internal networks, or install persistent malware.

🟠

Likely Case

Router crash causing denial of service, disrupting internet connectivity for all connected devices until manual reboot.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access, though internal attackers could still exploit if network access is available.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Detailed technical analysis and proof-of-concept code is publicly available on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Tenda official website for firmware updates
2. If update available, download and follow vendor flashing instructions
3. Factory reset after update to ensure clean configuration
4. Verify firmware version after update

🔧 Temporary Workarounds

Network Segmentation

all

Isolate router from untrusted networks and restrict WAN access

Disable Remote Management

all

Turn off remote administration features to prevent external exploitation

🧯 If You Can't Patch

Replace vulnerable router with different model or vendor
Place router behind dedicated firewall with strict ingress filtering

🔍 How to Verify

Check if Vulnerable:

Check router web interface or console for exact firmware version string

Check Version:

Check router admin interface at 192.168.0.1 or 192.168.1.1 under System Status

Verify Fix Applied:

Verify firmware version no longer matches vulnerable version after update

📡 Detection & Monitoring

Log Indicators:

Router crash/reboot logs
Unusual traffic patterns to router management interface
Memory corruption errors in system logs

Network Indicators:

Malformed packets targeting router management ports
Unexpected outbound connections from router

SIEM Query:

source="router.logs" AND (event="crash" OR event="reboot" OR message="*overflow*" OR message="*corruption*")

📊 Metadata

CVE ID: CVE-2023-27015

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: April 7, 2023

Last Updated: February 12, 2025

🔗 References

https://github.com/DrizzlingSun/Tenda/blob/main/AC10/4/4.md Exploit,Third Party Advisory
https://github.com/DrizzlingSun/Tenda/blob/main/AC10/4/4.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-27015, you might also want to check these: