CVE-2023-27017 in AC10
Summary
by MITRE • 04/07/2023
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 11/14/2025
The vulnerability identified as CVE-2023-27017 represents a critical stack overflow condition within the Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn firmware implementation. This issue manifests specifically within the sub_45DC58 function, which serves as a focal point for memory corruption vulnerabilities in the device's network management subsystem. The flaw resides in the improper handling of input data structures that are processed by this function, creating an exploitable condition where attacker-controlled data can overwrite critical stack memory regions.
The technical exploitation of this vulnerability follows established patterns for stack-based buffer overflow attacks as classified under CWE-121. The sub_45DC58 function fails to properly validate or limit the size of incoming data parameters, allowing an attacker to craft malicious payloads that exceed the allocated stack buffer space. When the function executes with oversized input data, it overflows the stack frame and potentially corrupts adjacent memory locations including return addresses, function pointers, and local variables. This memory corruption creates opportunities for arbitrary code execution or system instability leading to denial of service conditions.
From an operational perspective, this vulnerability presents significant risks to network infrastructure security and availability. The affected Tenda AC10 router model serves as a common consumer and small office networking device that typically operates in untrusted network environments where attackers may have physical or remote access to the device. The DoS capability allows attackers to disrupt network connectivity for legitimate users while the code execution potential enables full system compromise. This vulnerability aligns with ATT&CK technique T1210 for exploitation of remote services and T1499 for network disruption activities. The impact extends beyond simple service interruption as compromised devices can serve as entry points for broader network infiltration.
Security mitigation strategies for CVE-2023-27017 should prioritize immediate firmware updates from Tenda's official support channels to address the underlying buffer overflow condition. Network administrators should implement network segmentation and access controls to limit exposure of vulnerable devices to untrusted networks. Additionally, monitoring for suspicious network traffic patterns and anomalous device behavior can help detect exploitation attempts. The vulnerability demonstrates the importance of input validation and proper memory management practices in embedded systems as recommended by secure coding guidelines and standards such as those outlined in the CERT Secure Coding Standards. Organizations should also consider implementing intrusion detection systems specifically configured to identify patterns associated with buffer overflow exploitation attempts targeting similar network equipment.