CVE-2023-51960 in AX1803
Summary
by MITRE • 01/10/2024
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 06/16/2025
The vulnerability identified as CVE-2023-51960 affects the Tenda AX1803 router firmware version 1.0.0.1, representing a critical stack overflow condition that stems from improper input validation within the web interface processing logic. This issue manifests specifically when handling the iptv.city.vlan parameter through the formGetIptv function, creating a potential pathway for remote code execution and system compromise. The flaw resides in the router's web management interface where user-supplied parameters are not adequately sanitized before being processed, allowing malicious actors to craft specially crafted payloads that can overwrite stack memory regions.
The technical implementation of this vulnerability follows a classic stack buffer overflow pattern where the iptv.city.vlan parameter is passed directly to the formGetIptv function without proper bounds checking or input length validation. When an attacker submits a malformed value exceeding the allocated buffer size, the excess data overflows into adjacent memory locations, potentially corrupting the stack frame and overwriting critical control data such as return addresses. This condition enables attackers to redirect program execution flow and execute arbitrary code with the privileges of the web server process, typically running with administrative privileges on the device.
From an operational impact perspective, this vulnerability exposes the Tenda AX1803 to significant security risks including complete system compromise, persistent backdoor installation, and potential lateral movement within network environments where the device resides. The vulnerability is particularly concerning because it allows remote exploitation without authentication requirements, meaning attackers can leverage this flaw from outside the network perimeter. Network administrators may experience unauthorized access to the device's configuration, enabling them to modify network settings, redirect traffic, or establish persistent access points for future exploitation attempts.
The vulnerability aligns with CWE-121 Stack-based Buffer Overflow, which specifically addresses buffer overflow conditions where data is written beyond the bounds of a stack-allocated buffer, and it maps to ATT&CK technique T1210 for exploiting weaknesses in remote services. The attack surface is expanded by the fact that this vulnerability exists in a widely deployed consumer router model, increasing the potential impact across numerous network environments. Organizations should consider implementing network segmentation to isolate affected devices and monitor for suspicious network activity that might indicate exploitation attempts. The recommended mitigation strategy involves immediate firmware updates from Tenda to address the input validation deficiencies and implementing network access controls to restrict direct access to device management interfaces from untrusted networks.