CVE-2023-33673 – This vulnerability is a stack overflow in Tenda... (How to Fix)

Q: What is the severity of CVE-2023-33673?

CVE-2023-33673 has a CVSS score of 9.8 (CRITICAL). This vulnerability is a stack overflow in Tenda AC8 routers via the firewallEn parameter in the formSetFirewallCfg function. It allows remote attackers to execute arbitrary code or cause denial of service. Affects users of Tenda AC8 routers with vulnerable firmware.

📋 TL;DR

This vulnerability is a stack overflow in Tenda AC8 routers via the firewallEn parameter in the formSetFirewallCfg function. It allows remote attackers to execute arbitrary code or cause denial of service. Affects users of Tenda AC8 routers with vulnerable firmware.

💻 Affected Systems

Products:

Tenda AC8 router

Versions: V16.03.34.06

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects specific firmware version; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

Ac8 Firmware by Tenda

View all CVEs affecting Ac8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full device compromise, network takeover, and lateral movement.

🟠

Likely Case

Denial of service causing router crashes and network disruption.

🟢

If Mitigated

Limited impact if isolated from untrusted networks and patched promptly.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing, making them accessible to attackers.

🏢 Internal Only: MEDIUM - Internal attackers could exploit if they gain network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available on GitHub; exploitation appears straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

Check Tenda website for firmware updates; if available, download and flash via admin interface.

🔧 Temporary Workarounds

Disable remote management

all

Prevents external exploitation by disabling remote access features.

Access router admin panel > Advanced > Remote Management > Disable

Network segmentation

all

Isolate router management interface from untrusted networks.

Configure firewall rules to restrict access to router IP on port 80/443

🧯 If You Can't Patch

Replace router with a non-vulnerable model
Implement strict network access controls and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin panel under System Status.

Check Version:

Not applicable; use web interface at http://router_ip

Verify Fix Applied:

Verify firmware version is updated to a non-vulnerable release.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to formSetFirewallCfg
Router crash logs

Network Indicators:

Traffic to router management interface with malformed firewallEn parameter

SIEM Query:

http.method:POST AND http.uri:"/goform/setFirewallCfg" AND http.param:"firewallEn"

📊 Metadata

CVE ID: CVE-2023-33673

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: June 2, 2023

Last Updated: January 8, 2025

🔗 References

https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N6/README.md Exploit,Third Party Advisory
https://github.com/DDizzzy79/Tenda-CVE/tree/main/AC8V4.0/N6
https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N6/README.md Exploit,Third Party Advisory
https://github.com/DDizzzy79/Tenda-CVE/tree/main/AC8V4.0/N6

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-33673, you might also want to check these: