CVE-2023-27012 in AC10
Summary
by MITRE • 04/07/2023
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 11/14/2025
The vulnerability identified as CVE-2023-27012 affects the Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn firmware version, representing a critical stack overflow flaw within the setSchedWifi function. This issue resides in the router's web interface handling mechanism, where improper input validation allows malicious actors to manipulate the device's memory structure. The vulnerability stems from insufficient bounds checking when processing user-supplied data through the web administration portal, creating an exploitable condition that can be leveraged for remote code execution or system disruption.
The technical implementation of this flaw involves a classic stack-based buffer overflow scenario where attacker-controlled input exceeds the allocated buffer space within the setSchedWifi function. When the firmware processes a specially crafted payload through the web interface, the excessive data overflows the stack frame, potentially overwriting adjacent memory locations including return addresses and function pointers. This memory corruption can lead to arbitrary code execution if properly controlled or may result in a denial of service condition when the stack overflow causes the application to crash or become unresponsive. The vulnerability aligns with CWE-121, which specifically addresses stack-based buffer overflow conditions, and represents a significant security risk for network infrastructure devices.
The operational impact of this vulnerability extends beyond simple system instability, as it provides attackers with potential remote access capabilities to the affected router. An attacker could exploit this vulnerability from an unauthenticated network position to gain administrative control over the device, potentially enabling man-in-the-middle attacks, traffic interception, or further network infiltration. The DoS aspect of this vulnerability means that even if code execution is not achieved, the device could be rendered inoperable, disrupting network connectivity for all devices relying on that router. This type of vulnerability is particularly concerning in enterprise environments where network stability and security are paramount, as it could serve as an initial access point for broader network compromise.
Mitigation strategies for CVE-2023-27012 should prioritize immediate firmware updates from Tenda, as the vendor has likely released patches addressing this specific stack overflow condition. Network administrators should implement network segmentation and access controls to limit exposure, while also monitoring for suspicious network activity that might indicate exploitation attempts. The implementation of web application firewalls and intrusion detection systems can help detect and block malicious payloads targeting this vulnerability. Additionally, organizations should conduct thorough vulnerability assessments of their network infrastructure to identify other potentially affected devices running similar firmware versions. This vulnerability demonstrates the importance of proper input validation and memory management practices in embedded systems, aligning with ATT&CK technique T1210 for exploitation of remote services and T1059 for execution through command injection mechanisms.