CVE-2023-51956

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AX1803 routers via a stack overflow in the formSetIptv function. Attackers can exploit this by sending specially crafted requests to the vulnerable parameter, potentially gaining full control of affected devices. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:
  • Tenda AX1803
Versions: v1.0.0.1
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, allowing attackers to install malware, pivot to internal networks, or create persistent backdoors.

🟠

Likely Case

Remote code execution enabling attackers to reconfigure the router, intercept network traffic, or launch attacks against internal devices.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering, though internal attacks remain possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available; exploitation requires sending crafted HTTP requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates.
2. Download the latest firmware for AX1803.
3. Log into router admin panel.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload and install the new firmware.
6. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevents external attackers from accessing the vulnerable web interface.

Log into router admin panel, navigate to Advanced > System Tools > Remote Management, disable remote management

Restrict Web Interface Access

all

Limit access to the router's web interface to trusted IP addresses only.

Configure firewall rules to block port 80/443 access to router from untrusted networks

🧯 If You Can't Patch

  • Isolate affected routers in a separate network segment with strict firewall rules
  • Monitor network traffic for unusual HTTP requests to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin panel: System Status > Firmware Version

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is updated beyond v1.0.0.1

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to /goform/setIptv with long iptv.city.vlan parameters
  • Multiple failed login attempts followed by exploitation attempts

Network Indicators:

  • HTTP traffic to router management interface containing unusually long parameter values
  • Unexpected outbound connections from router

SIEM Query:

source="router_logs" AND (uri_path="/goform/setIptv" AND param_length>100)
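
The log indicator and SIEM condition above can also be applied offline to captured request logs. The following is an added example, not part of the original advisory or any vendor tooling. It assumes a constructed log layout of `timestamp source method uri "form-body"` from a proxy or sensor that records request bodies, and it measures the URL-decoded value length on the assumption that this is what the handler copies.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/setIptv"   # path from the page's log indicators
WATCHED = "iptv.city.vlan"     # parameter from the page's log indicators
MAX_LEN = 100                  # threshold from the page's SIEM query

# Assumed, constructed log layout: timestamp source method uri "form-body"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "(.*)"$')

def oversized_params(line, max_len=MAX_LEN):
    """Return [(name, decoded_length)] for over-long parameters POSTed to ENDPOINT."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    _ts, _src, method, uri, body = m.groups()
    parts = urlsplit(uri)
    if method.upper() != "POST" or parts.path.rstrip("/") != ENDPOINT:
        return []
    # Parameters may arrive in the query string or the body; check both.
    # Decoded length is used, so percent-encoded short values are not flagged.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return [(name, len(value)) for name, value in pairs if len(value) > max_len]

def scan(lines):
    """Return one alert per log line that carries an over-long parameter."""
    alerts = []
    for line in lines:
        hits = oversized_params(line)
        if hits:
            alerts.append({
                "src": line.split()[1],
                "params": hits,
                "watched": any(name == WATCHED for name, _ in hits),
            })
    return alerts

# Constructed sample lines (documentation addresses, filler values only).
SAMPLE_LOG = [
    '2024-01-10T12:00:01Z 192.0.2.10 POST /goform/setIptv "iptv.city.vlan=100"',
    '2024-01-10T12:00:05Z 192.0.2.66 POST /goform/setIptv "iptv.city.vlan=' + "A" * 300 + '"',
    '2024-01-10T12:00:09Z 192.0.2.66 POST /goform/setIptv "iptv.city.vlan=' + "%41" * 40 + '"',
    '2024-01-10T12:00:12Z 192.0.2.10 POST /goform/other "note=' + "B" * 300 + '"',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Only the second sample line raises an alert; the `watched` flag separates hits on `iptv.city.vlan` from other over-long parameters sent to the same endpoint.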
