CVE-2023-49040 in AX1803
Summary
by MITRE • 11/27/2023
An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 03/02/2026
The vulnerability CVE-2023-49040 represents a critical remote code execution flaw in the Tneda AX1803 router firmware version 1.0.0.1. This issue resides within the form_fast_setting_internet_set function where the adslPwd parameter is processed without adequate input validation or sanitization. The flaw allows an unauthenticated remote attacker to inject and execute arbitrary code on the affected device, potentially compromising the entire network infrastructure. The vulnerability stems from improper handling of user-supplied data in the web interface, creating an attack surface that enables privilege escalation and persistent access to the device. This type of vulnerability is classified under CWE-77 and aligns with ATT&CK technique T1059.007 for command and scripting interpreter, as it enables execution of arbitrary commands through web-based interfaces.
The technical implementation of this vulnerability involves the router's web server processing the adslPwd parameter directly without proper sanitization or validation mechanisms. When an attacker submits malicious input through this parameter, the system fails to properly escape or validate the data before processing, leading to code injection. The affected firmware version 1.0.0.1 lacks proper input filtering and output encoding, making it susceptible to various injection attacks including command injection and code execution. This vulnerability can be exploited through HTTP requests targeting the specific web endpoint that handles internet configuration settings, requiring no authentication or prior access to the device.
The operational impact of CVE-2023-49040 is severe and multifaceted, potentially enabling complete compromise of the affected router and its connected network. Once exploited, attackers can gain root access to the device, allowing them to modify network configurations, install malicious software, monitor network traffic, and establish persistent backdoors. The vulnerability affects the entire network infrastructure as the router serves as the primary gateway, making it a critical point of compromise. Network administrators may lose visibility into their network traffic, and attackers can potentially use the compromised device as a pivot point for lateral movement within the network. This vulnerability also poses risks to data confidentiality and integrity, as the attacker can intercept and modify communications passing through the device.
Mitigation strategies for CVE-2023-49040 should prioritize immediate firmware updates from Tneda if available, as this represents the most effective defense against the known vulnerability. Network administrators should implement network segmentation and access controls to limit the potential impact of exploitation, while also deploying intrusion detection systems to monitor for suspicious activity related to the affected web interface. Regular security assessments of network infrastructure should include vulnerability scanning for similar issues in other network devices and firmware versions. The implementation of web application firewalls and input validation controls can provide additional layers of protection, while network monitoring should focus on identifying unusual traffic patterns that may indicate exploitation attempts. Organizations should also establish incident response procedures specifically addressing router compromise scenarios and ensure proper network access controls are in place to limit potential damage from successful exploitation attempts.