CVE-2023-37703 - Vulnerability Details

Vendors	Products
Tenda	Fh1203 Fh1203 Firmware

Link	Providers
https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-37703", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-12T14:31:17.455Z", "dateReserved": "2023-07-10T00:00:00", "datePublished": "2023-07-10T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-10T00:00:00"}, "descriptions": [{"lang": "en", "value": "Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:16:30.901Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "tenda", "product": "fh1203", "cpes": ["cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "V2.0.1.6", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-12T14:30:40.889157Z", "id": "CVE-2023-37703", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T14:31:17.455Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2023-37703 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-11-12T14:31:17.455Z (string)

dateReserved : 2023-07-10T00:00:00 (string)

datePublished : 2023-07-10T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-07-10T00:00:00 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T17:16:30.901Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

affected : [ »

0 : { »

vendor : tenda (string)

product : fh1203 (string)

cpes : [ »

0 : cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : V2.0.1.6 (string)

status : affected (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-11-12T14:30:40.889157Z (string)

id : CVE-2023-37703 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-11-12T14:31:17.455Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-37703", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-12T14:31:17.455Z", "dateReserved": "2023-07-10T00:00:00", "datePublished": "2023-07-10T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-10T00:00:00"}, "descriptions": [{"lang": "en", "value": "Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:16:30.901Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-37703", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-12T14:30:40.889157Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"], "vendor": "tenda", "product": "fh1203", "versions": [{"status": "affected", "version": "V2.0.1.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T14:31:10.471Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2023-37703 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-11-12T14:31:17.455Z (string)

dateReserved : 2023-07-10T00:00:00 (string)

datePublished : 2023-07-10T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-07-10T00:00:00 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T17:16:30.901Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-37703 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-11-12T14:30:40.889157Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:* (string)

]

vendor : tenda (string)

product : fh1203 (string)

versions : [ »

0 : { »

status : affected (string)

version : V2.0.1.6 (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-11-12T14:31:10.471Z (string)

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E28AF51D-EBFB-4EC8-9FCB-C3DFAE1DBB2E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E7A0DCB-AC18-4F32-86E2-F2C2E9118A71", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function."}], "id": "CVE-2023-37703", "lastModified": "2024-11-21T08:12:08.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-10T17:15:09.570", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:* (string)

matchCriteriaId : E28AF51D-EBFB-4EC8-9FCB-C3DFAE1DBB2E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 4E7A0DCB-AC18-4F32-86E2-F2C2E9118A71 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. (string)

}

]

id : CVE-2023-37703 (string)

lastModified : 2024-11-21T08:12:08.390 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-07-10T17:15:09.570 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/6907 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object