CVE-2023-40901 in AC10

Summary

by MITRE • 08/24/2023

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg.


Analysis

by VulDB Data Team • 01/30/2026

CVE-2023-40901 affects the Tenda AC10 v4 router firmware version US_AC10V4.0si_V16.03.10.13_cn. It is a critical stack overflow that can be exploited through the device's web management interface. The flaw sits at the URL path /goform/setMacFilterCfg, where the parameters macFilterType and deviceList are processed without adequate input validation or bounds checking. Because the firmware mishandles this user-supplied data, an attacker can manipulate the device's execution flow with carefully crafted input.

The flaw is triggered when the router processes the macFilterType and deviceList parameters in the setMacFilterCfg form handler. The parameters are used directly in stack operations without sufficient sanitization, so an attacker can overflow the allocated stack buffer. This weakness falls under CWE-121 (Stack-based Buffer Overflow), which is classified as a critical weakness in software security. The overflow can potentially be exploited to execute arbitrary code on the device, because it lets an attacker overwrite the return address on the call stack and redirect execution to malicious code. The vulnerability is particularly concerning because it exists in the administrative interface of a network device, giving potential attackers elevated privileges with which to compromise the entire network infrastructure.

The operational impact extends beyond compromise of the device itself: an attacker can gain unauthorized access to the router's administrative functions and potentially to the entire local network. Once the flaw is exploited, the attacker could modify network configurations, implement man-in-the-middle attacks, redirect traffic, or establish persistent backdoors within the network. Because the device fails to validate input parameters properly, the result could be complete system compromise and unauthorized network access. According to the ATT&CK framework, this vulnerability aligns with T1210 (Exploitation of Remote Services) and T1071.004 (Application Layer Protocol: DNS), as it enables attackers to leverage the router's web interface for further network reconnaissance and lateral movement. The device's exposure to remote exploitation means that attackers do not require physical access or network proximity, which makes the vulnerability particularly dangerous in enterprise and residential network environments.

Mitigation for CVE-2023-40901 should prioritize immediate firmware updates from Tenda that address the stack overflow in the affected router model. Network administrators should use network segmentation to isolate critical systems from potentially compromised devices, and deploy intrusion detection systems to monitor for suspicious activity involving the affected URL path. Additional protective measures include disabling unnecessary administrative interfaces, implementing strong access controls, and conducting regular security assessments of network devices to identify similar vulnerabilities. Organizations should also consider network monitoring solutions that can detect anomalous behavior associated with exploitation attempts. The vulnerability demonstrates the importance of proper input validation and buffer management in embedded systems, and the need for comprehensive security testing of firmware components before they are deployed in production environments. Regular firmware updates and security patches are essential to maintaining device integrity and preventing exploitation of known vulnerabilities.
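One way to implement the monitoring of the affected URL path described above is to inspect HTTP requests seen by a proxy or sensor in front of the router and flag over-long macFilterType or deviceList values. This is an added example, not code from VulDB or Tenda; the length thresholds, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

TARGET_PATH = "/goform/setMacFilterCfg"  # handler named in this entry
# Assumed alerting thresholds, NOT the firmware's real buffer sizes.
MAX_LEN = {"macFilterType": 16, "deviceList": 1024}


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, [(name, value), ...])."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    url = urlsplit(target)
    # Parameters can arrive in the query string or in a form-encoded body.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return method, url.path, pairs


def findings(raw: bytes):
    """Return [(parameter, length)] for watched parameters over their threshold."""
    try:
        _method, path, pairs = parse_request(raw)
    except ValueError:
        return []  # not parseable as HTTP; nothing to report
    if path.rstrip("/") != TARGET_PATH:
        return []
    return [(k, len(v)) for k, v in pairs if k in MAX_LEN and len(v) > MAX_LEN[k]]


# Constructed sample requests (not captured traffic; host and values are made up).
BENIGN = (b"POST /goform/setMacFilterCfg HTTP/1.1\r\nHost: router.example\r\n\r\n"
          b"macFilterType=sample&deviceList=placeholder-entry")
OVERSIZED = (b"POST /goform/setMacFilterCfg HTTP/1.1\r\nHost: router.example\r\n\r\n"
             b"macFilterType=" + b"A" * 64 + b"&deviceList=x")
OTHER_PATH = b"POST /goform/exampleOther HTTP/1.1\r\n\r\nmacFilterType=" + b"A" * 64

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("oversized", OVERSIZED), ("other", OTHER_PATH)]:
        print(name, findings(req))
```

Tune the thresholds against the values the router's own management pages send before alerting on them.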

Reservation: 08/22/2023

Disclosure: 08/24/2023

Moderation: accepted

CPE: ready

EPSS: 0.01027

KEV: no

Activities: very low
