CVE-2023-27018 in AC10info

Summary

by MITRE • 04/07/2023

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 11/14/2025

The vulnerability identified as CVE-2023-27018 affects the Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn firmware version, representing a critical stack overflow condition within the sub_45EC1C function. This flaw resides in the router's firmware implementation and demonstrates a classic buffer management failure that can be exploited by remote attackers to gain unauthorized control over the device. The vulnerability stems from inadequate input validation and memory boundary checking within the firmware's processing routines, creating an exploitable condition that allows attackers to manipulate the program's execution flow through carefully crafted malicious inputs.

The technical nature of this vulnerability places it squarely within CWE-121, which defines stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations. The sub_45EC1C function appears to handle specific network packet processing or configuration parameter parsing where user-supplied data is directly copied into fixed-size stack buffers without proper size verification. This creates an opportunity for attackers to overflow the allocated stack space and potentially overwrite return addresses, function pointers, or other critical program state information. The attack vector requires remote exploitation since the vulnerable function processes network-received data, making it particularly dangerous as it can be triggered through standard network communication without physical access to the device.

The operational impact of this vulnerability extends beyond simple denial of service to encompass full system compromise capabilities. An attacker who successfully exploits this stack overflow can achieve arbitrary code execution on the affected router, potentially allowing them to install malicious firmware, redirect network traffic, or establish persistent backdoors for future access. The device's role as a primary network gateway means that successful exploitation could provide attackers with privileged network access, enabling them to monitor traffic, manipulate network settings, or use the compromised device as a launch point for attacks against other systems within the network. The DoS aspect of this vulnerability further compounds the risk as it can be used to disrupt network services or create conditions that facilitate more sophisticated attacks.

Mitigation strategies for CVE-2023-27018 should prioritize immediate firmware updates from Tenda, as this represents a vendor-specific vulnerability requiring official patches. Network administrators should implement network segmentation and access controls to limit exposure, while monitoring network traffic for suspicious activity that might indicate exploitation attempts. The vulnerability's classification aligns with ATT&CK technique T1059.007 for command and scripting interpreter, as successful exploitation could enable attackers to execute arbitrary commands on the device. Additional defensive measures include implementing network intrusion detection systems to monitor for malformed packets targeting known vulnerable functions, disabling unnecessary services on the device, and maintaining detailed network logs for forensic analysis should exploitation occur. Organizations should also consider temporary network isolation of affected devices until proper patches are deployed to ensure continued network security and prevent potential lateral movement within compromised networks.

Reservation

02/27/2023

Disclosure

04/07/2023

Moderation

accepted

CPE

ready

EPSS

0.01069

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!