CVE-2023-27021 in AC10info

Summary

by MITRE • 04/07/2023

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 11/14/2025

The vulnerability identified as CVE-2023-27021 represents a critical stack overflow flaw within the Tenda AC10 wireless router firmware version US_AC10V4.0si_V16.03.10.13_cn. This issue manifests through the formSetFirewallCfg function, which processes configuration parameters without adequate input validation or bounds checking. The stack overflow occurs when maliciously crafted payloads are sent to the affected device, potentially compromising the router's memory integrity and execution flow. This vulnerability falls under the Common Weakness Enumeration category CWE-121, which specifically addresses stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations on the program stack. The affected Tenda AC10 model represents a common consumer-grade router that serves as a primary network gateway for residential and small office environments, making it an attractive target for attackers seeking persistent network access.

The technical exploitation of this vulnerability enables adversaries to execute arbitrary code on the affected device or induce a denial of service condition that renders the router inoperable. When an attacker sends a specially crafted payload to the router through the formSetFirewallCfg function, the malformed input causes the stack to overflow, potentially allowing the attacker to overwrite return addresses, function pointers, or other critical stack variables. This type of vulnerability aligns with ATT&CK technique T1059.007, which covers command and scripting interpreter usage, particularly when attackers leverage such vulnerabilities to establish persistent access. The router's operating system, likely based on embedded linux, becomes vulnerable to code execution that could allow attackers to install backdoors, modify firewall rules, or redirect network traffic to malicious endpoints. The impact extends beyond simple service disruption since successful exploitation could provide attackers with complete control over the network gateway, potentially enabling them to monitor network traffic, block legitimate connections, or use the device as a pivot point for attacks on internal network resources.

The operational consequences of CVE-2023-27021 are severe for affected organizations and individuals who rely on Tenda AC10 routers for network connectivity. The vulnerability creates a persistent security risk that can be exploited remotely without requiring authentication, making it particularly dangerous for unpatched devices in both residential and commercial environments. Network administrators face the challenge of identifying potentially compromised devices within their infrastructure, as the attack surface includes any device running the vulnerable firmware version. The vulnerability also demonstrates the broader issue of insufficient input validation in embedded networking equipment, which is frequently overlooked in favor of functionality over security. This flaw exemplifies ATT&CK technique T1210, which involves exploitation of remote services through vulnerabilities in network infrastructure devices. Organizations should consider implementing network segmentation and monitoring for unusual traffic patterns that might indicate exploitation attempts, while also prioritizing firmware updates to address this vulnerability. The presence of such a flaw in consumer-grade networking equipment highlights the need for better security practices in embedded systems development and the importance of regular security assessments for network infrastructure components.

The recommended mitigations for CVE-2023-27021 include immediate firmware updates from Tenda to address the stack overflow vulnerability in the formSetFirewallCfg function. Network administrators should also implement network monitoring to detect potential exploitation attempts and consider disabling unnecessary services on affected devices until patches are applied. Additional protective measures include network segmentation to limit the impact of potential compromise and regular vulnerability scanning to identify other potentially vulnerable network devices. The vulnerability underscores the importance of proper input validation and bounds checking in embedded systems development, aligning with security best practices outlined in industry standards such as NIST SP 800-160 and ISO/IEC 27034 for secure software development lifecycle processes. Organizations should also consider implementing intrusion detection systems that can identify anomalous behavior patterns consistent with exploitation attempts targeting network infrastructure devices.

Reservation

02/27/2023

Disclosure

04/07/2023

Moderation

accepted

CPE

ready

EPSS

0.01069

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!