Login Sign Up

CVE-2023-39672

9.8 CRITICAL
Remote Code Execution Buffer Overflow

📋 TL;DR

CVE-2023-39672 is a critical buffer overflow vulnerability in Tenda WH450 routers caused by improper bounds checking in the fgets function. This allows remote attackers to execute arbitrary code on affected devices. Users of Tenda WH450 routers with firmware version 1.0.0.18 are vulnerable.

💻 Affected Systems

Products:
  • Tenda WH450
Versions: v1.0.0.18
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Wh450a Firmware by Tenda

View all CVEs affecting Wh450a Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to remote code execution, persistent backdoor installation, network traffic interception, and lateral movement to other devices on the network.

🟠

Likely Case

Router takeover allowing attackers to modify DNS settings, intercept traffic, deploy malware to connected devices, or use the router as part of a botnet.

🟢

If Mitigated

Limited impact with proper network segmentation and firewall rules preventing external access to router management interfaces.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a network-facing service, making remote exploitation straightforward with available proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tenda website for latest firmware

Vendor Advisory: https://www.tendacn.com/download/list-3.html

Restart Required: Yes

Instructions:

1. Visit Tenda's download page for WH450. 2. Download the latest firmware version. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install the new firmware. 6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router management interface

Network Segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

  • Replace affected routers with patched or alternative devices
  • Implement strict firewall rules blocking all external access to router management ports

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools

Check Version:

Login to router web interface and check System Status page

Verify Fix Applied:

Confirm firmware version is updated to a version later than v1.0.0.18

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts to router management interface
  • Multiple failed connection attempts followed by successful access
  • Unexpected firmware modification logs

Network Indicators:

  • Unusual outbound connections from router
  • DNS hijacking patterns
  • Traffic redirection to unexpected destinations

SIEM Query:

source="router_logs" AND (event_type="authentication" AND result="failure" AND count>10) OR (event_type="firmware_update" AND user!="admin")

📊 Metadata

CVE ID: CVE-2023-39672
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-120
Published: August 18, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-39672, you might also want to check these:

CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation ser...

Same vulnerability type (CWE-120)
CVE-2024-22039 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privi...

Same vulnerability type (CWE-120)
CVE-2022-22570 10.0

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with netw...

Same vulnerability type (CWE-120)