Primary

Context

Tenda AC23 API Interface Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Tenda AC23 router, specifically in version 16.03.07.52. The issue arises within the API interface, particularly in the file '/goform/VerAPIMant', where the 'getuid' argument can be manipulated to disrupt service. This vulnerability can be exploited remotely, causing a significant impact on the router's availability.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the router to become unresponsive or unavailable.

Reproduction

The vulnerability can be reproduced by sending a request to the '/goform/VerAPIMant' endpoint with a manipulated 'getuid' argument. This can be done remotely, causing the router to enter a denial-of-service state.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC23 API Interface Denial-of-Service Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Tenda AC23

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating