Login Sign Up

CVE-2023-51095

9.8 CRITICAL
Remote Code Execution Buffer Overflow

📋 TL;DR

Tenda M3 routers running firmware version 1.0.0.12(4856) contain a stack-based buffer overflow vulnerability in the formDelWlRfPolicy function. This allows remote attackers to execute arbitrary code or cause denial of service by sending specially crafted requests. The vulnerability affects all users of these specific router models with the vulnerable firmware.

💻 Affected Systems

Products:
  • Tenda M3
Versions: V1.0.0.12(4856)
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects this specific firmware version. Earlier or later versions may not be vulnerable.

📦 What is this software?

M3 Firmware by Tenda

View all CVEs affecting M3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network infiltration, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Denial of service causing router crashes and network disruption, potentially requiring physical reset.

🟢

If Mitigated

Limited impact if network segmentation isolates the router and external access is restricted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept code exists in GitHub repositories. The vulnerability appears to be remotely exploitable without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. If available, download the latest firmware. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to the vulnerable interface by disabling remote administration features.

Network segmentation

all

Isolate the Tenda M3 router on a separate network segment to limit potential lateral movement.

🧯 If You Can't Patch

  • Replace the router with a different model or from a different vendor
  • Implement strict firewall rules to block all external access to the router's management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If it shows V1.0.0.12(4856), the device is vulnerable.

Check Version:

Login to router admin interface and check System Status or Firmware Version page.

Verify Fix Applied:

After firmware update, verify the version no longer shows V1.0.0.12(4856). Test that the router functions normally.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed connection attempts to router management interface
  • Unusual traffic patterns to router's web interface port
  • Router crash/reboot logs

Network Indicators:

  • Unusual HTTP POST requests to router management endpoints
  • Traffic spikes to router's management port from external sources

SIEM Query:

source_ip=external AND dest_port=80 OR dest_port=443 AND dest_ip=router_ip AND http_method=POST AND uri_contains="formDelWlRfPolicy"

📊 Metadata

CVE ID: CVE-2023-51095
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: December 26, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-51095, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)