CVE-2023-51964 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2023-51964?

CVE-2023-51964 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on Tenda AX1803 routers by exploiting a stack overflow in the setIptvInfo function. Attackers can send specially crafted requests to the iptv.stb.port parameter to gain control of affected devices. All users running the vulnerable firmware version are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Tenda AX1803 routers by exploiting a stack overflow in the setIptvInfo function. Attackers can send specially crafted requests to the iptv.stb.port parameter to gain control of affected devices. All users running the vulnerable firmware version are affected.

💻 Affected Systems

Products:

Tenda AX1803

Versions: v1.0.0.1

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface which is typically enabled by default.

📦 What is this software?

Ax1803 Firmware by Tenda

View all CVEs affecting Ax1803 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent malware, pivot to internal networks, intercept all network traffic, or brick the device.

🟠

Likely Case

Remote code execution leading to device takeover, creation of botnet nodes, or credential theft from connected devices.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability is in a web interface function and requires no authentication. Public technical details exist but no confirmed weaponized exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda support for firmware updates. 2. Download latest firmware from official Tenda website. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to the vulnerable web interface

Network segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

Replace affected devices with patched alternatives
Implement strict firewall rules blocking all inbound access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Status or System Tools

Check Version:

Login to router web interface and check System Status page

Verify Fix Applied:

Verify firmware version is no longer v1.0.0.1 after update

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/setIptvInfo
Multiple failed authentication attempts followed by successful access
Abnormal process creation in router logs

Network Indicators:

Unusual outbound connections from router
Traffic spikes to/from router management port
Suspicious payloads in HTTP requests to router

SIEM Query:

source="router_logs" AND (uri="/goform/setIptvInfo" OR process="exploit")

📊 Metadata

CVE ID: CVE-2023-51964

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: January 10, 2024

Last Updated: June 3, 2025

🔗 References

https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd Exploit,Third Party Advisory
https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-51964, you might also want to check these: