CVE-2023-40904 in AC10
Summary
by MITRE • 08/24/2023
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 01/30/2026
The vulnerability identified as CVE-2023-40904 affects the Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn wireless router firmware, representing a critical stack overflow condition that can be exploited through the web interface configuration parameters. This issue resides within the /goform/setMacFilterCfg endpoint which handles MAC address filtering configuration settings. The vulnerability manifests when processing the macFilterType and deviceList parameters, both of which are susceptible to buffer overflow conditions that can be triggered through malformed input data.
The technical flaw stems from improper input validation and boundary checking within the firmware's web form processing logic. When the router receives requests containing excessively long strings in either the macFilterType or deviceList parameters, the system fails to properly validate the input length before copying data into fixed-size stack buffers. This classic buffer overflow vulnerability allows an attacker to overwrite adjacent memory locations including return addresses and control data, potentially enabling arbitrary code execution on the affected device. The vulnerability aligns with CWE-121 Stack-based Buffer Overflow, which specifically addresses buffer overflows occurring in stack memory regions.
The operational impact of this vulnerability is severe as it can enable remote code execution on the affected router without requiring authentication. An attacker can leverage this vulnerability to gain full administrative control over the device, potentially leading to complete network compromise. The compromised router could then be used as a pivot point for attacking other devices on the local network, or to redirect traffic through malicious servers. Additionally, attackers could modify network configuration settings, disable security features, or establish persistent backdoors within the network infrastructure. This vulnerability directly maps to attack techniques described in the MITRE ATT&CK framework under T1059 Command and Scripting Interpreter and T1071 Application Layer Protocol, as it enables arbitrary command execution and network protocol manipulation.
Mitigation strategies for this vulnerability should include immediate firmware updates from Tenda to address the buffer overflow conditions in the affected web interface components. Network administrators should also implement network segmentation and monitoring to detect anomalous traffic patterns that might indicate exploitation attempts. Additional protective measures include disabling unnecessary web management interfaces, implementing strict access controls for router administration, and regularly monitoring router logs for suspicious activity. The vulnerability highlights the importance of proper input validation and secure coding practices in embedded systems, particularly those handling user-provided data through web interfaces. Organizations should also consider implementing network intrusion detection systems to monitor for exploitation attempts targeting known vulnerabilities in networking equipment, as this type of vulnerability is commonly targeted in automated exploitation campaigns.