CVE-2023-27019 in AC10info

Summary

by MITRE • 04/07/2023

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 11/14/2025

The vulnerability identified as CVE-2023-27019 represents a critical stack overflow flaw within the Tenda AC10 wireless router firmware version US_AC10V4.0si_V16.03.10.13_cn. This issue manifests through the sub_458FBC function, which fails to properly validate input parameters before processing them, creating an exploitable condition that can be leveraged by remote attackers. The stack overflow occurs when malformed data is sent to the affected device, causing the program to overwrite adjacent memory locations on the stack. This type of vulnerability falls under the Common Weakness Enumeration category CWE-121, which specifically addresses stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite stack memory.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, as it provides potential for arbitrary code execution within the router's operating environment. Attackers who successfully exploit this weakness can gain unauthorized access to the device's command execution environment, potentially leading to complete system compromise. The vulnerability's remote exploitability means that malicious actors do not require physical access to the device or network proximity to launch attacks, making it particularly dangerous in enterprise and residential network environments. The attack surface is further expanded by the fact that many routers remain unpatched for extended periods, creating persistent exposure windows for attackers.

From a threat modeling perspective, this vulnerability aligns with ATT&CK technique T1210 which covers exploitation of remote services, and T1059 which addresses command and scripting interpreters. The attack chain typically involves sending crafted packets to the router's web interface or network services, triggering the buffer overflow condition in the sub_458FBC function. The resulting system instability can manifest as device crashes, reboot loops, or more sinisterly, persistent backdoor access that allows attackers to maintain long-term presence on the network. Network administrators should consider this vulnerability as part of a broader attack surface assessment, particularly in environments where network infrastructure devices are not regularly updated or monitored for security patches.

Mitigation strategies for CVE-2023-27019 should prioritize immediate firmware updates from Tenda's official sources, as the vendor has likely released patches addressing this specific stack overflow condition. Network segmentation and firewall rules can provide temporary protection by restricting access to the router's management interfaces from untrusted networks. Additionally, implementing intrusion detection systems that monitor for unusual traffic patterns or malformed requests targeting router management ports can help identify exploitation attempts. Regular vulnerability assessments and network scanning should include identification of all router models and firmware versions to ensure comprehensive coverage of potential exposure points. Organizations should also consider implementing device authentication mechanisms and disabling unnecessary services to reduce the attack surface available to potential exploiters.

Reservation

02/27/2023

Disclosure

04/07/2023

Moderation

accepted

CPE

ready

EPSS

0.01069

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!