CVE-2023-42320

9.8 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in Tenda AC10V4 routers allows remote attackers to cause denial of service by sending specially crafted requests to the GetParentControlInfo function. This affects Tenda AC10V4 routers running vulnerable firmware versions, potentially disrupting network connectivity for affected devices.

💻 Affected Systems

Products:
  • Tenda AC10V4
Versions: v.US_AC10V4.0si_V16.03.10.13_cn_TDC01
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, persistent backdoor installation, or bricking of the router requiring hardware replacement.

🟠 Likely Case: Denial of service causing router crash and network disruption until manual reboot, potentially with configuration loss.

🟢 If Mitigated: Limited impact if the device is behind a firewall with restricted WAN access, though internal network attacks remain possible.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with web interfaces exposed to WAN by default.
🏢 Internal Only: HIGH - Attackers on the local network can exploit this vulnerability without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repository contains proof-of-concept code demonstrating the buffer overflow via the mac parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: Yes

Instructions:

1. Check Tenda official website for firmware updates
2. If update available, download and install via router web interface
3. Reboot router after update
4. Verify firmware version is no longer vulnerable

🔧 Temporary Workarounds

Disable remote management (scope: all)
Prevent external exploitation by disabling WAN access to the router administration interface.

Network segmentation (scope: all)
Isolate the router management interface on a separate VLAN with restricted access.

🧯 If You Can't Patch

  • Replace vulnerable router with different model or manufacturer
  • Place router behind dedicated firewall with strict inbound rules blocking all unnecessary ports

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface under System Status or similar section

Check Version:

Check via router web interface or SSH if enabled: cat /proc/version or similar firmware info command

Verify Fix Applied:

Confirm firmware version has changed from vulnerable version after update

📡 Detection & Monitoring

Log Indicators:

  • Repeated router crashes/reboots
  • Unusual requests to GetParentControlInfo endpoint
  • Large payloads in HTTP requests to router

Network Indicators:

  • Unusual traffic patterns to router management interface
  • Multiple connection attempts to router web interface from single source

SIEM Query:

source="router_logs" AND ("GetParentControlInfo" OR ("mac=" AND content_length>100))

Note: in Splunk-style search syntax AND binds more tightly than OR, so the inner parentheses are needed to make the content-length condition apply only to the "mac=" match rather than to every GetParentControlInfo hit.
